Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libvorbis libvorbis vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-2009
Xiph.org libvorbis prior to 1.0 does not properly check for underpopulated Huffman trees, which allows remote malicious users to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
Xiph.org Libvorbis 1.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
7.5
CVSSv2
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
4.3
CVSSv2
CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Xiph.org Libvorbis 1.3.5
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
6.8
CVSSv2
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote malicious users to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Xiph.org Libvorbis 1.3.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
5
CVSSv2
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Xiph.org Libvorbis 1.3.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
10
CVSSv2
CVE-2009-3379
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x prior to 3.5.4, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Mozilla Firefox 3.5.3
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5.2
NA
CVE-2017-11735
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none
1 EDB exploit
9.3
CVSSv2
CVE-2009-2663
libvorbis before r16182, as used in Mozilla Firefox 3.5.x prior to 3.5.2 and other products, allows context-dependent malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
Mozilla Firefox 0.1
Mozilla Firefox 0.9 Rc
Mozilla Firefox 0.8
Mozilla Firefox 2.0.0.12
Mozilla Firefox 1.5
Mozilla Firefox 2.0 .7
Mozilla Firefox 3.0.7
Mozilla Firefox 1.5.2
Mozilla Firefox 3.0.9
Mozilla Firefox 1.5.0.6
Mozilla Firefox 1.8
Mozilla Firefox 2.0.0.2
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.3
Mozilla Firefox 3.0.8
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.4.1
Mozilla Firefox 1.5.4
Mozilla Firefox 1.0.2
Mozilla Firefox 3.5
Mozilla Firefox 3.0.4
Mozilla Firefox 2.0 8
10
CVSSv2
CVE-2012-0444
Mozilla Firefox prior to 3.6.26 and 4.x up to and including 9.0, Thunderbird prior to 3.1.18 and 5.0 up to and including 9.0, and SeaMonkey prior to 2.7 do not properly initialize nsChildView data structures, which allows remote malicious users to cause a denial of service (memor...
Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Suse Linux Enterprise Server 11
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Opensuse Opensuse 11.4
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Software Development Kit 10
Suse Linux Enterprise Software Development Kit 11
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 10.04
9.3
CVSSv2
CVE-2017-0764
A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.
Google Android 7.1.0
Google Android 7.1.2
Google Android 5.1.0
Google Android 4.2
Google Android 4.1
Google Android 5.0.2
Google Android 6.0.1
Google Android 6.0
Google Android 4.0.2
Google Android 4.4.3
Google Android 4.0.4
Google Android 4.3
Google Android 4.0.1
Google Android 4.4.4
Google Android 7.0
Google Android 4.2.1
Google Android 5.0.1
Google Android 5.0
Google Android 4.0.3
Google Android 4.0
Google Android 4.4
Google Android 4.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »