AVG-367 log

Package libvorbis
Status Fixed
Severity Critical
Type multiple issues
Affected 1.3.5-1
Fixed 1.3.6-1
Current 1.3.7-3 [extra]
Ticket None
Created Wed Aug 2 14:29:01 2017
Issue Severity Remote Type Description
CVE-2018-5146 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2017-14633 Medium Yes Denial of service
In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS...
CVE-2017-14632 Critical Yes Arbitrary code execution
fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when...
CVE-2017-11333 Low Yes Denial of service
A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file can trigger an invalid memory allocation in the...
Date Advisory Package Type
16 Mar 2018 ASA-201803-12 libvorbis multiple issues