VDB
ALPINE-CVE-2017-14632
ALPINE-CVE-2017-14632
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.7 | libvorbis | 1.3.5-r3, 1.3.1-r1, 1.2.0-r0 |
| Alpine:v3.11 | libvorbis | 1.3.5-r2, 1.3.5-r3, 1.3.5-r2 |
| Alpine:v3.18 | libvorbis | 0, 1.3.5-r2, 1.3.5-r1 |
| Alpine:v3.21 | libvorbis | 1.3.5-r0, 1.3.4-r0, 1.3.3-r1 |
| Alpine:v3.16 | libvorbis | 1.3.3-r1, 1.3.4-r0, 1.3.5-r0 |
| Alpine:v3.17 | libvorbis | 1.3.3-r0, 0, 1.2.0-r0 |
| Alpine:v3.23 | libvorbis | 1.3.5-r2, 0, 1.2.0-r0 |
| Alpine:v3.9 | libvorbis | 1.3.5-r3, 1.3.5-r2, 1.3.5-r1 |
| Alpine:v3.13 | libvorbis | 0, 1.3.5-r3, 1.3.5-r2 |
| Alpine:v3.20 | libvorbis | 1.3.5-r0, 1.3.5-r3, 1.3.5-r2 |
| Alpine:v3.14 | libvorbis | 1.2.3-r1, 1.3.5-r2, 1.3.5-r1 |
| Alpine:v3.5 | libvorbis | 0, 0, 1.2.3-r1 |
| Alpine:v3.15 | libvorbis | 1.2.0-r0, 1.2.0-r0, 0 |
| Alpine:v3.4 | libvorbis | 1.3.3-r1, 0, 1.2.0-r0 |
| Alpine:v3.10 | libvorbis | 0, 1.3.5-r3, 1.3.5-r2 |
| Alpine:v3.6 | libvorbis | 1.3.2-r2, 1.3.3-r0, 0 |
| Alpine:v3.8 | libvorbis | 1.3.5-r2, 1.3.5-r0, 1.3.4-r0 |
| Alpine:v3.22 | libvorbis | 1.3.5-r3, 1.3.5-r2, 1.3.5-r1 |
| Alpine:v3.12 | libvorbis | 1.3.5-r1, 1.3.5-r3, 1.3.5-r2 |
| Alpine:v3.19 | libvorbis | 1.3.2-r1, 1.3.2-r0, 1.3.1-r2 |
Timeline
- Sep 21, 2017 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch