VDB
MAGEIA-2018-84
MAGEIA-2018-84
PUBLISHED
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184 (CVE-2017-14632). In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis() (CVE-2017-14633).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | libvorbis | 0, 1.3.5-1.1.mga5, 1.3.5-1.1.mga5 |
| Mageia | lm_sensors | 0, 3.4.0.git20180318-1.mga6 |
Timeline
- Jan 14, 2018 CVE Updated
- Jan 14, 2018 CVE Published