Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-15T00:00:00 vorbis-tools: vorbis-tools ogg123: Arbitrary code execution via buffer underflow in remote control functionality 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CWE-124

A flaw was found in the ogg123 utility of the vorbis-tools package. This buffer underflow vulnerability occurs in the remote control functionality when processing malformed input. A remote attacker could exploit this to cause application crashes and potentially achieve arbitrary code execution.

Red Hat Enterprise Linux 6 Not affected vorbis-tools Red Hat Enterprise Linux 7 Not affected vorbis-tools Red Hat Enterprise Linux 8 Not affected vorbis-tools https://www.cve.org/CVERecord?id=CVE-2026-34253 https://nvd.nist.gov/vuln/detail/CVE-2026-34253 https://github.com/xiph/vorbis-tools/archive/refs/tags/v1.4.3.tar.gz https://github.com/xiph/vorbis-tools/blob/0b3fbf42eb3897d32f4a75baa2dc915a4ca45e8e/ogg123/remote.c#L153 https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332