MGASA-2019-0059 — Vulnetix

MGASA-2019-0059 PUBLISHED CVSS 8.699999809265137 HIGH

The vorbis library version 1.3.6 fix security vulnerabilities: - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbis_block_clear function in lib/block.c - CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Mageia:6	libvorbis	0, 0

Timeline

Jan 31, 2019 CVE Published
Apr 16, 2026 CVE Updated

References

https://advisories.mageia.org/MGASA-2019-0059.html advisory
https://bugs.mageia.org/show_bug.cgi?id=24252 report
https://lists.opensuse.org/opensuse-updates/2018-05/msg00067.html url
http://lists.suse.com/pipermail/sle-security-updates/2018-June/004158.html url
https://lists.opensuse.org/opensuse-updates/2018-06/msg00047.html url

Open in Interactive Console →