CVE-2017-14632 log

Severity Critical
Remote Yes
Type Arbitrary code execution
fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Group Package Affected Fixed Severity Status Ticket
AVG-658 lib32-libvorbis 1.3.5-1 1.3.6-1 Critical Fixed
AVG-367 libvorbis 1.3.5-1 1.3.6-1 Critical Fixed
Date Advisory Group Package Severity Type
19 Mar 2018 ASA-201803-21 AVG-658 lib32-libvorbis Critical multiple issues
16 Mar 2018 ASA-201803-12 AVG-367 libvorbis Critical multiple issues