Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Reference implementation of the Ogg Vorbis audio format
Version 1.3.7-3 [extra]


Group Affected Fixed Severity Status Ticket
AVG-367 1.3.5-1 1.3.6-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2018-5146 AVG-367 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2017-14633 AVG-367 Medium Yes Denial of service
In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS...
CVE-2017-14632 AVG-367 Critical Yes Arbitrary code execution
fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when...
CVE-2017-11333 AVG-367 Low Yes Denial of service
A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file can trigger an invalid memory allocation in the...


Date Advisory Group Severity Type
16 Mar 2018 ASA-201803-12 AVG-367 Critical multiple issues