An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size.
An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size.
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5147 https://git.xiph.org/?p=tremor.git;a=commitdiff;h=562307a4a7082e24553f3d2c55dab397a17c4b4f http://seclists.org/oss-sec/2018/q1/243
The libtremor library has the same flaw as CVE-2018-5146.