CVE-2018-5147 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-659	firefox	59.0-2	59.0.1-1	Critical	Not affected

References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5147 https://git.xiph.org/?p=tremor.git;a=commitdiff;h=562307a4a7082e24553f3d2c55dab397a17c4b4f http://seclists.org/oss-sec/2018/q1/243

References

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5147
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
http://seclists.org/oss-sec/2018/q1/243

Notes
The libtremor library has the same flaw as CVE-2018-5146.