Known Vulnerabilities for products from Xiph
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Xiph".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-43361 json | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of... | 7.8 - HIGH | 2023-10-02 | 2024-01-27 |
| CVE-2022-47021 json | A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru... | 7.8 - HIGH | 2023-01-20 | 2023-11-07 |
| CVE-2020-23904 json | ** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a ... | 5.5 - MEDIUM | 2021-11-10 | 2023-11-07 |
| CVE-2020-23903 json | A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of se... | 5.5 - MEDIUM | 2021-11-10 | 2023-11-07 |
| CVE-2018-18820 json | A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, th... | 8.1 - HIGH | 2018-11-05 | 2019-01-23 |
| CVE-2017-11548 json | The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (me... | 5.5 - MEDIUM | 2017-07-31 | 2020-05-28 |
| CVE-2017-11331 json | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (... | 5.5 - MEDIUM | 2017-07-31 | 2020-05-28 |
| CVE-2015-6749 json | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to caus... | 4.3 - MEDIUM | 2015-09-21 | 2016-12-08 |
| CVE-2015-3026 json | Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial... | 5 - MEDIUM | 2015-04-29 | 2018-10-30 |
| CVE-2014-9640 json | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted... | 5 - MEDIUM | 2015-01-23 | 2018-10-30 |
| CVE-2014-9639 json | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted n... | 5 - MEDIUM | 2015-01-23 | 2018-10-30 |
| CVE-2014-9638 json | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV ... | 5 - MEDIUM | 2015-01-23 | 2018-10-30 |
| CVE-2011-4612 json | icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via... | 5 - MEDIUM | 2012-11-20 | 2021-09-09 |
| CVE-2008-1686 json | Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable Direc... | 9.3 - HIGH | 2008-04-08 | 2018-10-11 |
| CVE-2007-1344 json | Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a c... | 9.3 - HIGH | 2007-03-08 | 2021-07-12 |
Known software with vulnerabilities from Xiph
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Xiph | Icecast | 0.4.1 |
| Application | Xiph | Libao | 1.2.0 |
| Application | Xiph | Libvorbis | 1.0 |
| Application | Xiph | Vorbis-tools | 1.4.0 |