CVE-2017-14632 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-658 | lib32-libvorbis | 1.3.5-1 | 1.3.6-1 | Critical | Fixed | |
| AVG-367 | libvorbis | 1.3.5-1 | 1.3.6-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 19 Mar 2018 | ASA-201803-21 | AVG-658 | lib32-libvorbis | Critical | multiple issues |
| 16 Mar 2018 | ASA-201803-12 | AVG-367 | libvorbis | Critical | multiple issues |
| References |
|---|
https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f |