VDB

GCVE-VVD-MAGEIA-2018-84

GCVE-VVD-MAGEIA-2018-84
Advisory Published
Vulnetix · Advisory published May 17, 2018
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184 (CVE-2017-14632). In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis() (CVE-2017-14633).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageialm_sensors0 (affected), 3.4.0.git20180318-1.mga6 (unaffected)
Mageialibvorbis0 (affected), 1.3.5-1.1.mga5 (unaffected), 0 (affected), 1.3.5-1.1.mga5 (unaffected)

Aliases

CVE-2017-14633CVE-2017-14632

Transitive aliases

GHSA-pmfq-f4h4-9pwpSUSE-SU-2018:0015-1VVD-GENTOO-2017-631632GSD-2017-14632EUVD-2017-6133GHSA-rq4g-xjq5-5h9mEUVD-2017-6132CNVD-2017-35392VVD-MAGEIA-2018-70OPENSUSE-SU-2024:11009-1SUSE-SU-2018:0016-1

References

Updated libvorbis packages fix security vulnerabilities
advisory
Updated libvorbis packages fix security vulnerabilities
issue
Updated libvorbis packages fix security vulnerabilities
issue
Updated lm_sensors packages for Amd Ryzen
advisory
Updated lm_sensors packages for Amd Ryzen
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›