CVE-2017-14633

Source
Severity Medium
Remote Yes
Type Denial of service
Description
In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Group Package Affected Fixed Severity Status Ticket
AVG-658 lib32-libvorbis 1.3.5-1 1.3.6-1 Critical Fixed
AVG-367 libvorbis 1.3.5-1 1.3.6-1 Critical Fixed
Date Advisory Group Package Severity Description
19 Mar 2018 ASA-201803-21 AVG-658 lib32-libvorbis Critical multiple issues
16 Mar 2018 ASA-201803-12 AVG-367 libvorbis Critical multiple issues
References
https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993