Known Vulnerabilities for products from Xiph
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Xiph".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-23904 | ** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a ... | 5.5 - MEDIUM | 2021-11-10 | 2023-11-07 |
| CVE-2020-23903 | A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of se... | 5.5 - MEDIUM | 2021-11-10 | 2023-11-07 |
| CVE-2018-18820 | A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, th... | 8.1 - HIGH | 2018-11-05 | 2019-01-23 |
| CVE-2017-11548 | The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (me... | 5.5 - MEDIUM | 2017-07-31 | 2020-05-28 |
| CVE-2017-11331 | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (... | 5.5 - MEDIUM | 2017-07-31 | 2020-05-28 |
| CVE-2015-6749 | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to caus... | 4.3 - MEDIUM | 2015-09-21 | 2016-12-08 |
| CVE-2015-3026 | Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial... | 5 - MEDIUM | 2015-04-29 | 2018-10-30 |
| CVE-2014-9640 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted... | 5 - MEDIUM | 2015-01-23 | 2018-10-30 |
| CVE-2014-9639 | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted n... | 5 - MEDIUM | 2015-01-23 | 2018-10-30 |
| CVE-2014-9638 | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV ... | 5 - MEDIUM | 2015-01-23 | 2018-10-30 |
| CVE-2011-4612 | icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via... | 5 - MEDIUM | 2012-11-20 | 2021-09-09 |
| CVE-2008-1686 | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable Direc... | 9.3 - HIGH | 2008-04-08 | 2018-10-11 |
| CVE-2007-1344 | Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a c... | 9.3 - HIGH | 2007-03-08 | 2021-07-12 |
Known software with vulnerabilities from Xiph
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Xiph | Icecast | 0.4.1 |
| Application | Xiph | Libao | 1.2.0 |
| Application | Xiph | Libvorbis | 1.0 |
| Application | Xiph | Vorbis-tools | 1.4.0 |