Bug 918549 (CVE-2023-43361) - <media-sound/vorbis-tools-1.4.2-r4: heap buffer overread
Summary: <media-sound/vorbis-tools-1.4.2-r4: heap buffer overread
Alias: CVE-2023-43361
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa?]
Depends on: 921352
Reported: 2023-11-25 19:21 UTC by John Helmert III
Modified: 2024-02-12 02:21 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 19:21:23 UTC

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

Fix appears to be, but unmerged.
Comment 1 Larry the Git Cow gentoo-dev 2024-01-04 10:25:38 UTC
The bug has been referenced in the following commit(s):

commit 05aa17f5639172598cd0ab639cf51afe789a755d
Author:     Miroslav Šulc <>
AuthorDate: 2024-01-04 10:25:24 +0000
Commit:     Miroslav Šulc <>
CommitDate: 2024-01-04 10:25:34 +0000

    media-sound/vorbis-tools: applied buffer overflow fix
    Signed-off-by: Miroslav Šulc <>

 .../files/vorbis-tools-1.4.2-docdir.patch          |  4 +--
 .../vorbis-tools-1.4.2-fix-buffer-overflow.patch   | 32 ++++++++++++++++++++++
 ....4.2-r3.ebuild => vorbis-tools-1.4.2-r4.ebuild} |  3 +-
 3 files changed, 36 insertions(+), 3 deletions(-)