Package: liboggz2 Version: 1.1.1-7 Severity: important Tags: security, upstream Dear Maintainer, This bug causes a crash in the application when a specially crafted input file is parsed. It's a read violation of about 43k bytes caused by a heap buffer overflow at src/liboggz/oggz_comments.c:604:4 in oggz_comments_decode(). To reproduce: Install oggz-tools package. Run the command oggz-validate input_file.ogg I'm sending attached an input file that triggers the bug. Thank you, Rafael.
Attachment:
oggz_comments_decode.ogg
Description: video/ogg