user/libvorbis: multiple vulnerabilities
Bugzilla ID | 157 |
Alias(es) | CVE-2018-10392, CVE-2018-10393 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 10:05:53 -0500 |
Modified | 2019-09-28 13:33:58 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2018-10392: https://nvd.nist.gov/vuln/detail/CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
validate the number of channels, which allows remote attackers to
cause a denial of service (heap-based buffer overflow or over-read) or
possibly have unspecified other impact via a crafted file.

CVE-2018-10393: https://nvd.nist.gov/vuln/detail/CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.