Package : libvorbis
Version : 1.3.2-1.3+deb7u1
CVE ID : CVE-2017-11333 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
Serious vulnerabilities were found in the libvorbis library, commonly
used to encode and decode audio in OGG containers.
2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in
mapping0.c, which may lead to DoS when operating on a crafted
audio file with vorbis_analysis().
2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon
freeing uninitialized memory in the function
vorbis_analysis_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
libvorbis 1.3.5 allows remote attackers to cause a denial of
service (OOM) via a crafted wav file.
2018-5146
out-of-bounds memory write in the codeboook parsing code of the
Libvorbis multimedia library could result in the execution of
arbitrary code.
For Debian 7 "Wheezy", these problems have been fixed in version
1.3.2-1.3+deb7u1.
We recommend that you upgrade your libvorbis packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Debian LTS: DLA-1368-1: libvorbis security update
April 30, 2018
Serious vulnerabilities were found in the libvorbis library, commonly used to encode and decode audio in OGG containers
Summary
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in
mapping0.c, which may lead to DoS when operating on a crafted
audio file with vorbis_analysis().
2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon
freeing uninitialized memory in the function
vorbis_analysis_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
libvorbis 1.3.5 allows remote attackers to cause a denial of
service (OOM) via a crafted wav file.
2018-5146
out-of-bounds memory write in the codeboook parsing code of the
Libvorbis multimedia library could result in the execution of
arbitrary code.
For Debian 7 "Wheezy", these problems have been fixed in version
1.3.2-1.3+deb7u1.
We recommend that you upgrade your libvorbis packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package :libvorbis
Version : 1.3.2-1.3+deb7u1
CVE ID : CVE-2017-11333 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
News
HOWTOs
About Us
Powered By
