CVE-2017-11333

Published: 31/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote malicious users to cause a denial of service (OOM) via a crafted wav file.

Vulnerable Product

xiph.org libvorbis 1.3.5

Vendor Advisories

Debian Bug report logs - #882144 sox: CVE-2017-15642: Use-after-free in lsx_aiffstartread Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 19 Nov 2017 16:12:02 UTC Severity: important Tags: ...
Debian Bug report logs - #878808 sox: CVE-2017-15372: stack-buffer-overflow src/adpcm.c:126 in lsx_ms_adpcm_block_expand_i Package: src:sox; Maintainer for src:sox is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 16 Oct 2017 19:51:0 ...
Debian Bug report logs - #870341 libvorbis: CVE-2017-11333 OOM via crafted WAV file Package: src:libvorbis; Maintainer for src:libvorbis is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 1 Aug 2017 09:06:01 UTC Severity: important ...
A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file can trigger an invalid memory allocation in the vorbis_analysis_wrote function in lib/block.c, causing a denial of service ...

Exploits

libvorbis multiple vulnerabilities
Author: qflbwu
Introduction: The libvorbis package contains a general purpose audio and music encoding format. This is useful for creating (encoding) and playing (decoding) sound in an open (patent free) format.
Affected version: 1.3.5
Vulnerability Desc ...