ArchLinux: 201803-12: libvorbis: multiple issues

    Date: 19 Mar 2018
    Category: ArchLinux
    Posted By: Anthony Pell
    The package libvorbis before version 1.3.6-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
    Arch Linux Security Advisory ASA-201803-12
    ==========================================
    
    Severity: Critical
    Date    : 2018-03-16
    CVE-ID  : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
    Package : libvorbis
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-367
    
    Summary
    =======
    
    The package libvorbis before version 1.3.6-1 is vulnerable to multiple
    issues including arbitrary code execution and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 1.3.6-1.
    
    # pacman -Syu "libvorbis>=1.3.6-1"
    
    The problems have been fixed upstream in version 1.3.6.
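    As an added example (not part of the advisory and not Arch's own tooling), the following Python reads the advisory's header fields and fixed version, then decides whether an installed libvorbis is still affected using a reimplementation of pacman's vercmp ordering (epoch, then pkgver, then pkgrel; numeric segments newer than alpha; trailing alpha such as rc1 older). The ADVISORY string is copied from the text above; the installed version strings in the assertions are constructed, and on a real host pacman's own `vercmp` remains authoritative.

```python
import re
# Header and resolution lines of ASA-201803-12, copied from the advisory above.
ADVISORY = """\
Severity: Critical
CVE-ID  : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
Package : libvorbis

Upgrade to 1.3.6-1.
"""

def parse_advisory(text: str) -> dict:
    """Pull the 'Key : value' header fields and the fixed version out of an ASA."""
    fields = {}
    for m in re.finditer(r"^([A-Za-z-]+)\s*:\s*(.+?)\s*$", text, re.M):
        fields[m.group(1)] = m.group(2)
    fields["CVE-ID"] = fields.get("CVE-ID", "").split()
    fix = re.search(r"^Upgrade to (\S+?)\.?$", text, re.M)
    fields["Fixed"] = fix.group(1) if fix else None
    return fields

def _rpmvercmp(a: str, b: str) -> int:
    """pacman-style segment compare of pkgver/pkgrel strings: -1, 0 or 1."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric: compare as ints, leading zeros ignored
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer than an alpha one
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    if len(sa) < len(sb):                  # b has segments left over
        return -1 if sb[len(sa)].isdigit() else 1
    return -1 if sa[len(sb)].isalpha() else 1   # trailing alpha (e.g. rc1) sorts older

def _split(v: str):
    """Split [epoch:]pkgver[-pkgrel] into (int epoch, pkgver, pkgrel)."""
    epoch, _, rest = v.rpartition(":") if ":" in v else ("0", "", v)
    ver, _, rel = rest.partition("-")
    return int(epoch), ver, rel

def vercmp(a: str, b: str) -> int:
    """Compare two Arch package versions; pkgrel is only compared when both have one."""
    (ea, va, ra), (eb, vb, rb) = _split(a), _split(b)
    r = (ea > eb) - (ea < eb) or _rpmvercmp(va, vb)
    return r or (_rpmvercmp(ra, rb) if ra and rb else 0)

def is_affected(installed: str, advisory: dict) -> bool:
    return vercmp(installed, str(advisory["Fixed"])) < 0   # older than the fixed release
```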
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2017-14632 (arbitrary code execution)
    
    Xiph.Org libvorbis before 1.3.6 allows remote code execution upon
    freeing uninitialized memory in the function
    vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar
    issue to Mozilla bug 550184.
    
    - CVE-2017-14633 (denial of service)
    
    In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read
    vulnerability exists in the function mapping0_forward() in mapping0.c,
    which may lead to DoS when operating on a crafted audio file with
    vorbis_analysis().
    
    - CVE-2018-5146 (arbitrary code execution)
    
    An out-of-bounds memory write vulnerability has been discovered in
    libvorbis before 1.3.6 while processing Vorbis audio data related to
    codebooks that are not an exact divisor of the partition size.
    
    Impact
    ======
    
    A remote attacker is able to execute arbitrary code or crash the
    application by tricking the user into playing a specially crafted
    Vorbis file.
    
    References
    ==========
    
    https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f
    https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
    https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f
    http://seclists.org/oss-sec/2018/q1/243
    https://security.archlinux.org/CVE-2017-14632
    https://security.archlinux.org/CVE-2017-14633
    https://security.archlinux.org/CVE-2018-5146
    