#1136943 vorbis-tools: CVE-2026-34253

Package:
src:vorbis-tools
Source:
src:vorbis-tools
Submitter:
Salvatore Bonaccorso
Date:
2026-05-17 13:19:02 UTC
Severity:
normal
Tags:
#1136943#5
Date:
2026-05-17 13:17:58 UTC
From:
To:
Hi,

The following vulnerability was published for vorbis-tools.

CVE-2026-34253[0]:
| A buffer underflow vulnerability has been identified in the ogg123
| utility from the vorbis-tools 1.4.3 package in function remotethread
| in remote.c. This vulnerability occurs in the remote control
| functionality when processing malformed input, leading to a stack
| buffer underflow that can cause application crashes and potentially
| allow code execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-34253
https://www.cve.org/CVERecord?id=CVE-2026-34253
[1] https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
[2] https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/27

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore