rpm package
suse/libvorbis&distro=SUSE Linux Enterprise Desktop 12 SP2
pkg:rpm/suse/libvorbis&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5146 | — | < 1.3.3-10.6.1 | 1.3.3-10.6.1 | Jun 11, 2018 | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. | ||
| CVE-2017-14633 | Med | 6.5 | < 1.3.3-10.3.1 | 1.3.3-10.3.1 | Sep 21, 2017 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | |
| CVE-2017-14632 | Cri | 9.8 | < 1.3.3-10.3.1 | 1.3.3-10.3.1 | Sep 21, 2017 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. |
- CVE-2018-5146Jun 11, 2018affected < 1.3.3-10.6.1fixed 1.3.3-10.6.1
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
- affected < 1.3.3-10.3.1fixed 1.3.3-10.3.1
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
- affected < 1.3.3-10.3.1fixed 1.3.3-10.3.1
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.