libvorbis

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Vorbis codec library
Version 1.3.6-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-367 1.3.5-1 1.3.6-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2018-5146 AVG-367 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2017-14633 AVG-367 Medium Yes Denial of service
In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS...
CVE-2017-14632 AVG-367 Critical Yes Arbitrary code execution
fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when...

Advisories

Date Advisory Group Severity Description
16 Mar 2018 ASA-201803-12 AVG-367 Critical multiple issues