Synopsis:
vorbis-tools security updateSummary:
An update for vorbis-tools is now available for openEuler-22.03-LTS-SP4Description:
Ogg Vorbis is a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed audio format for mid to high quality (8kHz-48.0kHz, 16+ bit, polyphonic) audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. This places Vorbis in the same competitive class as audio representations such as MPEG-4 (AAC), and similar to, but higher performance than MPEG-1/2 audio layer 3, MPEG-4 audio (TwinVQ), WMA and PAC.
Security Fix(es):
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.(CVE-2026-34253)Topic:
An update for vorbis-tools is now available for openEuler-22.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
vorbis-tools
1.4.2-5.oe2203sp41.4.2-5.oe2203sp41.4.2-5.oe2203sp41.4.2-5.oe2203sp4Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:LA:H8.2/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H