AVG-658 log
| Package | lib32-libvorbis |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 1.3.5-1 |
| Fixed | 1.3.6-1 |
| Current | 1.3.7-4 [multilib] |
| Ticket | None |
| Created | Mon Mar 19 11:15:00 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-5146 | Critical | Yes | Arbitrary code execution | An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are... |
| CVE-2017-14633 | Medium | Yes | Denial of service | In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS... |
| CVE-2017-14632 | Critical | Yes | Arbitrary code execution | fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 19 Mar 2018 | ASA-201803-21 | lib32-libvorbis | multiple issues |