CVE-2018-5146 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-663 | thunderbird | 52.6.0-2 | 52.7.0-1 | Critical | Fixed | |
| AVG-658 | lib32-libvorbis | 1.3.5-1 | 1.3.6-1 | Critical | Fixed | |
| AVG-657 | firefox | 59.0-2 | 59.0.1-1 | Critical | Fixed | |
| AVG-367 | libvorbis | 1.3.5-1 | 1.3.6-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 24 Mar 2018 | ASA-201803-22 | AVG-663 | thunderbird | Critical | multiple issues |
| 19 Mar 2018 | ASA-201803-21 | AVG-658 | lib32-libvorbis | Critical | multiple issues |
| 18 Mar 2018 | ASA-201803-13 | AVG-657 | firefox | Critical | arbitrary code execution |
| 16 Mar 2018 | ASA-201803-12 | AVG-367 | libvorbis | Critical | multiple issues |
| References |
|---|
https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f http://seclists.org/oss-sec/2018/q1/243 |