Xiph


Products by Xiph Sorted by Most Security Vulnerabilities since 2018

Xiph Icecast: 2 vulnerabilities

Xiph Speex: 2 vulnerabilities

Xiph Vorbis Tools: 2 vulnerabilities

Xiph Icecast Ezstream: 1 vulnerability

Xiph Libao: 1 vulnerability

Xiph Opusfile: 1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Xiph. Last year Xiph had 2 security vulnerabilities published. Right now, Xiph is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 2 7.80
2022 0 0.00
2021 2 5.50
2020 0 0.00
2019 0 0.00
2018 1 8.10

It may take a day or so for new Xiph vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Xiph Security Vulnerabilities

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code

CVE-2023-43361 7.8 - High - October 02, 2023

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

Memory Corruption

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12

CVE-2022-47021 7.8 - High - January 20, 2023

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.

NULL Pointer Dereference

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file

CVE-2020-23904 5.5 - Medium - November 10, 2021

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program."

Memory Corruption

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2

CVE-2020-23903 5.5 - Medium - November 10, 2021

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Divide By Zero

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4

CVE-2018-18820 8.1 - High - November 05, 2018

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Buffer Overflow

The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0

CVE-2017-11331 5.5 - Medium - July 31, 2017

The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.

Buffer Overflow

The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0

CVE-2017-11548 5.5 - Medium - July 31, 2017

The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.

Buffer Overflow

icecast before 2.3.3

CVE-2011-4612 - November 20, 2012

icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.

Improper Input Validation

Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0

CVE-2007-1344 - March 08, 2007

Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).