rpm package
opensuse/libvorbis&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libvorbis&distro=openSUSE%20Tumbleweed
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5146 | — | — | | < 1.3.7-1.6 | 1.3.7-1.6 | Jun 11, 2018 | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. |
| CVE-2018-10393 | — | — | | < 1.3.7-1.6 | 1.3.7-1.6 | Apr 26, 2018 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. |
| CVE-2018-10392 | — | — | | < 1.3.7-1.6 | 1.3.7-1.6 | Apr 26, 2018 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. |
| CVE-2017-14160 | High | 8.8 | | < 1.3.7-1.6 | 1.3.7-1.6 | Sep 21, 2017 | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. |
| CVE-2017-14633 | Medium | 6.5 | | < 1.3.7-1.6 | 1.3.7-1.6 | Sep 21, 2017 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). |
| CVE-2017-14632 | Critical | 9.8 | | < 1.3.7-1.6 | 1.3.7-1.6 | Sep 21, 2017 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. |
| CVE-2012-0444 | — | — | | < 1.3.5-2.1 | 1.3.5-2.1 | Feb 1, 2012 | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) |
| CVE-2009-3379 | — | — | | < 1.3.5-2.1 | 1.3.5-2.1 | Oct 29, 2009 | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. |
| CVE-2008-1423 | — | — | | < 1.3.7-1.6 | 1.3.7-1.6 | May 16, 2008 | Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a he |
| CVE-2008-1420 | — | — | | < 1.3.5-2.1 | 1.3.5-2.1 | May 16, 2008 | Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. |
| CVE-2008-1419 | — | — | | < 1.3.7-1.6 | 1.3.7-1.6 | May 16, 2008 | Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. |
| CVE-2007-3106 | — | — | | < 1.3.7-1.6 | 1.3.7-1.6 | Jul 26, 2007 | lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse |