Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiph.org libvorbis 1.3.6 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
8.8
CVSSv3
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote malicious users to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Xiph.org Libvorbis 1.3.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Tus 8.4
7.5
CVSSv3
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Xiph.org Libvorbis 1.3.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Tus 8.4
6.5
CVSSv3
CVE-2020-20412
lib/codebook.c in libvorbis prior to 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
Xiph.org Libvorbis
Stepmania Stepmania 5.0.12
6.5
CVSSv3
CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started