Synopsis
The remote Debian host is missing a security update.
Description
vorbis-tools is vulnerable to multiple issues that can result in denial of service.
Divide by zero error in oggenc with a WAV file whose number of channels is set to zero.
Integer overflow in oggenc via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
Out-of-bounds read in oggenc via a crafted raw file.
Buffer overflow in the aiff_open function in oggenc/audio.c via a crafted AIFF file.
For Debian 7 'Wheezy', these problems have been fixed in version 1.4.0-1+deb7u1.
We recommend that you upgrade your vorbis-tools packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected vorbis-tools and vorbis-tools-dbg packages.
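The first two oggenc issues in the description both come from trusting the channel count in a WAV header. The following is an added example, not part of the advisory and not the vorbis-tools patch: a pre-parse check of the WAV "fmt " chunk that rejects a zero channel count and bounds the per-frame size before any arithmetic uses it. The function name, result codes and the `max_frame` limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes; not taken from vorbis-tools. */
enum wav_check { WAV_OK, WAV_TRUNCATED, WAV_ZERO_CHANNELS,
                 WAV_BAD_SAMPLE_SIZE, WAV_FRAME_TOO_LARGE, WAV_ALIGN_MISMATCH };

/* Read a little-endian 16-bit field. */
static uint16_t rd16(const unsigned char *p)
{
    return (uint16_t)(p[0] | ((unsigned)p[1] << 8));
}

/* Check the 16-byte body of a WAV "fmt " chunk before any size arithmetic.
 * max_frame: largest bytes-per-frame the caller is prepared to buffer. */
enum wav_check wav_check_fmt(const unsigned char *fmt, size_t len, size_t max_frame)
{
    if (fmt == NULL || len < 16)
        return WAV_TRUNCATED;

    uint16_t channels    = rd16(fmt + 2);   /* nChannels */
    uint16_t block_align = rd16(fmt + 12);  /* nBlockAlign */
    uint16_t bits        = rd16(fmt + 14);  /* wBitsPerSample */

    if (channels == 0)                      /* would be a divisor later on */
        return WAV_ZERO_CHANNELS;
    if (bits == 0 || bits % 8 != 0 || bits > 32)
        return WAV_BAD_SAMPLE_SIZE;

    /* Multiply in 64 bits so the product cannot wrap, then bound it. */
    uint64_t frame = (uint64_t)channels * (bits / 8u);
    if (frame > max_frame)
        return WAV_FRAME_TOO_LARGE;
    if (block_align != frame)
        return WAV_ALIGN_MISMATCH;
    return WAV_OK;
}

int main(void)
{
    /* Constructed samples: 44100 Hz, 16-bit; second one has 0 channels. */
    unsigned char ok[16]   = {1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0};
    unsigned char zero[16] = {1,0, 0,0, 0x44,0xAC,0,0, 0,0,0,0, 0,0, 16,0};
    printf("ok=%d zero=%d\n", wav_check_fmt(ok, 16, 4096),
           wav_check_fmt(zero, 16, 4096));
    return 0;
}
```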