{"id":"CVE-2015-6749","details":"Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.","modified":"2026-01-27T04:14:01.079194Z","published":"2015-09-21T19:59:02Z","withdrawn":"2026-01-27T04:14:01.079194Z","related":["MGASA-2015-0353","SUSE-SU-2015:1765-1","SUSE-SU-2015:1775-1","openSUSE-SU-2024:10259-1"],"references":[{"type":"EVIDENCE","url":"https://trac.xiph.org/ticket/2212"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1258424"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1258443"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165555.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166424.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2015-10/msg00013.html"},{"type":"WEB","url":"http://seclists.org/oss-sec/2015/q3/455"},{"type":"WEB","url":"http://seclists.org/oss-sec/2015/q3/457"},{"type":"WEB","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797461"},{"type":"WEB","url":"https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch"}],"schema_version":"1.7.3"}