libvorbis
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Reference implementation of the Ogg Vorbis audio format |
| Version | 1.3.7-4 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-367 | 1.3.5-1 | 1.3.6-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-5146 | AVG-367 | Critical | Yes | Arbitrary code execution | An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are... |
| CVE-2017-14633 | AVG-367 | Medium | Yes | Denial of service | In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS... |
| CVE-2017-14632 | AVG-367 | Critical | Yes | Arbitrary code execution | fXiph.Org libvorbis before 1.3.6 allows remote code execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when... |
| CVE-2017-11333 | AVG-367 | Low | Yes | Denial of service | A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file can trigger an invalid memory allocation in the... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 16 Mar 2018 | ASA-201803-12 | AVG-367 | Critical | multiple issues |