rpm package
suse/libvorbis&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/libvorbis&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5146 | — | | | < 1.2.0-79.20.6.1 | 1.2.0-79.20.6.1 | Jun 11, 2018 | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. |
| CVE-2018-10393 | — | | | < 1.2.0-79.20.11.1 | 1.2.0-79.20.11.1 | Apr 26, 2018 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. |
| CVE-2018-10392 | — | | | < 1.2.0-79.20.14.1 | 1.2.0-79.20.14.1 | Apr 26, 2018 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. |
| CVE-2017-14160 | High | 8.8 | | < 1.2.0-79.20.11.1 | 1.2.0-79.20.11.1 | Sep 21, 2017 | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. |
| CVE-2017-14633 | Medium | 6.5 | | < 1.2.0-79.20.3.1 | 1.2.0-79.20.3.1 | Sep 21, 2017 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). |
| CVE-2017-14632 | Critical | 9.8 | | < 1.2.0-79.20.3.1 | 1.2.0-79.20.3.1 | Sep 21, 2017 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. |