Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Debian 7 Wheezy DLA-1368-1 Critical: Libvorbis Out-Of-Bounds Issues

debian lts
Calendar Grey April 30, 2018
Dist Debian Esm H88
Critical flaws identified in libvorbis necessitate updates to safeguard systems against possible exploits and denial-of-service attacks.
Serious vulnerabilities were found in the libvorbis library, commonly used to encode and decode audio in OGG containers

Summary

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in
mapping0.c, which may lead to DoS when operating on a crafted
audio file with vorbis_analysis().

2017-14632

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon
freeing uninitialized memory in the function
vorbis_analysis_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.

2017-11333

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
libvorbis 1.3.5 allows remote attackers to cause a denial of
service (OOM) via a crafted wav file.

2018-5146

out-of-bounds memory write in the codeboook parsing code of the
Libvorbis multimedia library could result in the execution of
arbitrary code.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.2-1.3+deb7u1.

We recommend that you upgrade your libvorbis packages.

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: libvorbis
Version: 1.3.2-1.3+deb7u1
CVE ID: CVE-2017-11333 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.