| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size. |
|
| References |
| + |
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5147 |
| + |
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=562307a4a7082e24553f3d2c55dab397a17c4b4f |
| + |
http://seclists.org/oss-sec/2018/q1/243 |
|
| Notes |
| + |
The libtremor library has the same flaw as CVE-2018-5146. |
|