AVG-367

Package libvorbis
Status Fixed
Severity Critical
Type multiple issues
Affected 1.3.5-1
Fixed 1.3.6-1
Current 1.3.6-1 [extra]
Ticket None
Created Wed Aug 2 14:29:01 2017
Issue Severity Remote Type Description
CVE-2018-5146 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2017-14633 Medium Yes Denial of service
In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS...
CVE-2017-14632 Critical Yes Arbitrary code execution
fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when...
Date Advisory Package Description
16 Mar 2018 ASA-201803-12 libvorbis multiple issues