Synopsis
Important: libvorbis security update
Type/Severity
Security Advisory: Important
Topic
An update for libvorbis is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Topic
An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scori ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: libvorbis security update
Type/Severity
Security Advisory: Important
Topic
An update for libvorbis is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Debian Bug report logs -
#893130
libvorbis: CVE-2018-5146: out-of-bounds memory write
Package:
src:libvorbis;
Maintainer for src:libvorbis is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 16 Mar 2018 18:30:02 UTC
Severity: grave
Ta ...
Debian Bug report logs -
#870341
libvorbis: CVE-2017-11333 OOM via crafted WAV file
Package:
src:libvorbis;
Maintainer for src:libvorbis is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 1 Aug 2017 09:06:01 UTC
Severity: important
...
Several security issues were fixed in Thunderbird ...
libvorbis could be made to crash or run programs as your login if it
opened a specially crafted file ...
Firefox could be made to crash or run programs as your login if it
opened a malicious website ...
Vorbis audio processing out of bounds write:An out of bounds write flaw was found in the processing of vorbis audio data A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code (CVE-2018-5146) ...
Vorbis audio processing out of bounds write (MFSA 2018-08):An out of bounds write flaw was found in the processing of vorbis audio data A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code (CVE-2018-5146) ...
Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or information
disclosure
For the oldstable distribution (jessie), these problems have been fixed
in version 1:5270-1~deb8u1
For the stable distribution (stretch), these problems have been fixed in
version 1:5270-1~deb ...
Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds
memory write when playing Vorbis media files could result in the
execution of arbitrary code
For the oldstable distribution (jessie), these problems have been fixed
in version 5272esr-1~deb8u1
For the stable distribution (stretch), these problems have been fixed in
version 52 ...
Richard Zhu discovered that an out-of-bounds memory write in the
codebook parsing code of the Libvorbis multimedia library could result
in the execution of arbitrary code if a malformed Vorbis file is opened
For the oldstable distribution (jessie), this problem has been fixed
in version 134-2+deb8u1
For the stable distribution (stretch), this p ...
An out of bounds write flaw was found in the processing of vorbis audio data A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code ...
Mozilla Foundation Security Advisory 2018-08
Out of bounds memory write while processing Vorbis audio data
Announced
March 16, 2018
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
Firefox 5901
...
Mozilla Foundation Security Advisory 2018-09
Security vulnerabilities fixed in Thunderbird 527
Announced
March 23, 2018
Impact
critical
Products
Thunderbird
Fixed in
Thunderbird 527
...
An out of bounds memory write vulnerability has been discovered in libvorbis before 136 while processing Vorbis audio data related to codebooks that are not an exact divisor of the partition size ...