VDB

GCVE-VVD-MAGEIA-2018-294

GCVE-VVD-MAGEIA-2018-294
Advisory Published
Vulnetix · Advisory published June 24, 2018
The updated packages fix security vulnerabilities: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. (CVE-2017-14160) mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. (CVE-2018-10392) bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. (CVE-2018-10393)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageialibvorbis0 (affected), 1.3.5-1.4.mga5 (unaffected)
Mageialibvorbis0 (affected), 1.3.5-2.4.mga6 (unaffected)

Aliases

CVE-2018-10392CVE-2017-14160CVE-2018-10393

Transitive aliases

GHSA-w834-9cg6-cm69BDU:2020-03313VVD-GENTOO-2019-699862BDU:2020-03314EUVD-2018-2466EUVD-2017-5670BDU:2022-05863GHSA-gqh4-wfj8-7856EUVD-2018-2465ALSA-2019:3703GHSA-g94q-v9xg-xv9r

References

Updated libvorbis packages fix security vulnerabilities
advisory
Updated libvorbis packages fix security vulnerabilities
issue
Updated libvorbis packages fix security vulnerabilities
issue
Updated libvorbis packages fix security vulnerabilities
issue
Updated libvorbis packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›