Source: oggvideotools X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerabilities were published for oggvideotools. CVE-2020-21722[0]: | Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote | attackers to run arbitrary code via opening of crafted ogg file. https://sourceforge.net/p/oggvideotools/bugs/11/ CVE-2020-21723[1]: | A Segmentation Fault issue discovered | StreamSerializer::extractStreams function in streamSerializer.cpp in | oggvideotools 0.9.1 allows remote attackers to cause a denial of | service (crash) via opening of crafted ogg file. https://sourceforge.net/p/oggvideotools/bugs/10 CVE-2020-21724[2]: | Buffer Overflow vulnerability in ExtractorInformation function in | streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers | to run arbitrary code via opening of crafted ogg file. https://sourceforge.net/p/oggvideotools/bugs/9 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-21722 https://www.cve.org/CVERecord?id=CVE-2020-21722 [1] https://security-tracker.debian.org/tracker/CVE-2020-21723 https://www.cve.org/CVERecord?id=CVE-2020-21723 [2] https://security-tracker.debian.org/tracker/CVE-2020-21724 https://www.cve.org/CVERecord?id=CVE-2020-21724 Please adjust the affected versions in the BTS as needed.
