Search for packages
Package details: pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1
purl pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1
Next non-vulnerable version 1.3.6-2
Latest non-vulnerable version 1.3.6-2
Risk 10.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-28vq-2q8e-ykcc
Aliases:
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-6esn-a37s-9yfk
Aliases:
CVE-2017-11333
security update
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-cfj9-8yvv-wbhj
Aliases:
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-hfum-jn9c-b7a5
Aliases:
CVE-2017-14633
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-jcag-bxq7-9qhu
Aliases:
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
1.3.4-2+deb8u1
Affected by 7 other vulnerabilities.
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-jwvr-ax6v-nbf4
Aliases:
CVE-2012-0444
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.
1.3.2-1.3
Affected by 7 other vulnerabilities.
VCID-qh9t-8bch-quac
Aliases:
CVE-2017-14632
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-sed4-3epn-mfch
Aliases:
CVE-2017-14160
1.3.6-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-wdyw-kubz-t3dv Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.Audio and video capabilities were added in Firefox 3.5 so prior releases of Firefox were not affected. CVE-2009-2663
VCID-xb2c-r22q-dkgc Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.Audio and video capabilities were added in Firefox 3.5 so prior releases of Firefox were not affected. CVE-2009-3379
VCID-xwju-wywk-6qbx CVE-2008-2009

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T19:59:51.951111+00:00 Debian Oval Importer Affected by VCID-qh9t-8bch-quac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T17:46:08.682528+00:00 Debian Oval Importer Affected by VCID-sed4-3epn-mfch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T17:12:21.920717+00:00 Debian Oval Importer Fixing VCID-wdyw-kubz-t3dv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:22:44.970608+00:00 Debian Oval Importer Fixing VCID-xwju-wywk-6qbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:08:50.950786+00:00 Debian Oval Importer Affected by VCID-cfj9-8yvv-wbhj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:47:58.596984+00:00 Debian Oval Importer Affected by VCID-hfum-jn9c-b7a5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:43:35.415744+00:00 Debian Oval Importer Affected by VCID-6esn-a37s-9yfk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:43:01.037205+00:00 Debian Oval Importer Affected by VCID-28vq-2q8e-ykcc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:23:46.065403+00:00 Debian Oval Importer Affected by VCID-jcag-bxq7-9qhu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:24:58.745695+00:00 Debian Oval Importer Affected by VCID-jwvr-ax6v-nbf4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:51:44.866316+00:00 Debian Oval Importer Fixing VCID-xb2c-r22q-dkgc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:07:37.277950+00:00 Debian Oval Importer Affected by VCID-jcag-bxq7-9qhu https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T11:04:29.890129+00:00 Debian Oval Importer Affected by VCID-qh9t-8bch-quac https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:43:51.958174+00:00 Debian Oval Importer Affected by VCID-6esn-a37s-9yfk https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:39:08.796638+00:00 Debian Oval Importer Affected by VCID-hfum-jn9c-b7a5 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:14:56.492888+00:00 Debian Oval Importer Affected by VCID-jcag-bxq7-9qhu https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0