Opened 9 months ago
Closed 9 months ago
#20125 closed defect (fixed)
Fix CVE-2023-43361 in vorbis-tools
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
This should be doable via a sed. The patch can be found at https://src.fedoraproject.org/rpms/vorbis-tools/blob/rawhide/f/vorbis-tools-1.4.2-CVE-2023-43361.patch
This issue is rated as High at NVD, though note that it's only exploitable locally since you have to do operations on a crafted file to exploit the vulnerability. The vulnerability looks to allow for arbitrary code execution or a denial of service when converting WAV files to OGG files.
Change History (2)
comment:1 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at 217c80c9ad1ac7b1b8277c872caa66b700c3456d
SA-12.1-079 issued