Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xiph.org libvorbis vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
8.8
CVSSv3
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote malicious users to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Xiph.org Libvorbis 1.3.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Tus 8.4
8.8
CVSSv3
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote malicious users to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Xiph.org Libvorbis 1.3.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Tus 8.4
6.5
CVSSv3
CVE-2020-20412
lib/codebook.c in libvorbis prior to 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
Xiph.org Libvorbis
Stepmania Stepmania 5.0.12
6.5
CVSSv3
CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
5.5
CVSSv3
CVE-2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote malicious users to cause a denial of service (OOM) via a crafted wav file.
Xiph.org Libvorbis 1.3.5
1 EDB exploit
NA
CVE-2008-1419
Xiph.org libvorbis 1.2.0 and previous versions does not properly handle a zero value for codebook.dim, which allows remote malicious users to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Xiph.org Libvorbis 1.1.0
Xiph.org Libvorbis 1.1.1
Xiph.org Libvorbis 1.0.0
Xiph.org Libvorbis 1.0.1
Xiph.org Libvorbis 1.12
Xiph.org Libvorbis 1.2.0
NA
CVE-2008-2009
Xiph.org libvorbis prior to 1.0 does not properly check for underpopulated Huffman trees, which allows remote malicious users to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
Xiph.org Libvorbis 1.0
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 9.10
NA
CVE-2008-1420
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and previous versions allows remote malicious users to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Xiph.org Libvorbis 1.2.0
Xiph.org Libvorbis 1.0.1
Xiph.org Libvorbis 1.1.0
Xiph.org Libvorbis 1.1.1
Xiph.org Libvorbis 1.12
Xiph.org Libvorbis 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »