CVE-2017-14632

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
Xiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-658 | lib32-libvorbis | 1.3.5-1 | 1.3.6-1 | Critical | Fixed | |
| AVG-367 | libvorbis | 1.3.5-1 | 1.3.6-1 | Critical | Fixed | |

| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 19 Mar 2018 | ASA-201803-21 | AVG-658 | lib32-libvorbis | Critical | multiple issues |
| 16 Mar 2018 | ASA-201803-12 | AVG-367 | libvorbis | Critical | multiple issues |
References
https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f