Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-5146 CVE-2018-5147

Source

Mozilla Foundation Security Advisory 2018-08

Out of bounds memory write while processing Vorbis audio data

Announced

March 16, 2018

Impact

critical

Products

Firefox, Firefox ESR

Fixed in

Firefox 59.0.1
Firefox ESR 52.7.2

#CVE-2018-5146: Out of bounds memory write in libvorbis

Reporter: Richard Zhu via Trend Micro's Zero Day Initiative
Impact: critical

Description

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

References

Bug 1446062

#CVE-2018-5147: Out of bounds memory write in libtremor

Reporter: Huzaifa Sidhpurwala
Impact: critical

Description

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.
*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.

References

Bug 1446365

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Out of bounds memory write while processing Vorbis audio data

Out of bounds memory write while processing Vorbis audio data

#CVE-2018-5146: Out of bounds memory write in libvorbis

Description

References

#CVE-2018-5147: Out of bounds memory write in libtremor

Description

References

Vulmon Search

About

Products

Connect