VDB

MAGEIA-2018-84

MAGEIA-2018-84 PUBLISHED

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184 (CVE-2017-14632). In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis() (CVE-2017-14633).

Affected Products

VendorProductVersions
Mageialibvorbis0, 1.3.5-1.1.mga5, 1.3.5-1.1.mga5
Mageialm_sensors0, 3.4.0.git20180318-1.mga6

Timeline

  • Jan 14, 2018 CVE Updated
  • Jan 14, 2018 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›