CVE-2023-43361: Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. Fix appears to be https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7, but unmerged.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05aa17f5639172598cd0ab639cf51afe789a755d

commit 05aa17f5639172598cd0ab639cf51afe789a755d
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2024-01-04 10:25:24 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-01-04 10:25:34 +0000

    media-sound/vorbis-tools: applied buffer overflow fix

    Bug: https://bugs.gentoo.org/918549
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 .../files/vorbis-tools-1.4.2-docdir.patch | 4 +--
 .../vorbis-tools-1.4.2-fix-buffer-overflow.patch | 32 ++++++++++++++++++++++
 ....4.2-r3.ebuild => vorbis-tools-1.4.2-r4.ebuild} | 3 +-
 3 files changed, 36 insertions(+), 3 deletions(-)