Search for packages
Package details: pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2
purl pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2
Next non-vulnerable version 1.3.6-2
Latest non-vulnerable version 1.3.6-2
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-125v-6567-aaam
Aliases:
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-1n2s-g3w5-aaak
Aliases:
CVE-2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-24pt-1dej-aaak
Aliases:
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-5qxt-rvzs-aaan
Aliases:
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-h9pz-jgxg-aaak
Aliases:
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-k1vq-z733-aaak
Aliases:
CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-z8nu-tk5t-aaag
Aliases:
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
1.3.6-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-125v-6567-aaam An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. CVE-2018-5146
VCID-1n2s-g3w5-aaak The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. CVE-2017-11333
VCID-24pt-1dej-aaak Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. CVE-2017-14632
VCID-k1vq-z733-aaak In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). CVE-2017-14633

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:17:18.447204+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T16:30:58.315373+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:53:31.339290+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:57:02.522218+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:37:05.017899+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:10:42.106853+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:38.180622+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:04:48.282434+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:04:07.018416+00:00 Debian Oval Importer Fixing VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:58:07.914551+00:00 Debian Oval Importer Fixing VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:24:44.202058+00:00 Debian Oval Importer Fixing VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:18:29.478099+00:00 Debian Oval Importer Fixing VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T00:43:35.370227+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan None 36.1.3
2025-06-21T00:05:52.886750+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak None 36.1.3
2025-06-21T00:04:10.783448+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag None 36.1.3
2025-06-20T23:45:48.613081+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak None 36.1.3
2025-06-20T22:59:49.495448+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak None 36.1.3
2025-06-20T21:36:44.427173+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam None 36.1.3
2025-06-20T21:03:04.687215+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak None 36.1.3
2025-06-20T20:03:56.475478+00:00 Debian Oval Importer Fixing VCID-125v-6567-aaam None 36.1.3
2025-06-20T19:55:11.419675+00:00 Debian Oval Importer Fixing VCID-24pt-1dej-aaak None 36.1.3
2025-06-08T13:02:01.299423+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:46:48.685230+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:34.681161+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:08.859195+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:46:06.455894+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:16:47.640255+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:46:48.091842+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:50:21.343707+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:30:11.763371+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:05:28.157514+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:32.458531+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:12:45.183669+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:34:09.479573+00:00 Debian Oval Importer Fixing VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:31:01.537446+00:00 Debian Oval Importer Fixing VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:10:36.575014+00:00 Debian Oval Importer Fixing VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:06:03.989106+00:00 Debian Oval Importer Fixing VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T18:06:08.101391+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan None 36.1.0
2025-06-07T17:28:39.521491+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak None 36.1.0
2025-06-07T17:26:58.772846+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag None 36.1.0
2025-06-07T17:08:41.590305+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak None 36.1.0
2025-06-07T16:23:01.123830+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak None 36.1.0
2025-06-07T14:59:23.507303+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam None 36.1.0
2025-06-07T14:29:37.653971+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak None 36.1.0
2025-06-07T13:51:28.992052+00:00 Debian Oval Importer Fixing VCID-125v-6567-aaam None 36.1.0
2025-06-07T13:45:27.039741+00:00 Debian Oval Importer Fixing VCID-24pt-1dej-aaak None 36.1.0
2025-04-12T22:27:36.094074+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:48:05.040587+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:49:28.202992+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:33:43.174018+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:30:25.862090+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:29:58.818336+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:30:58.722900+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:48:53.385467+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:18:21.951089+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:22:48.329936+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:03:00.198085+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:37:30.504738+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:33.148242+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:43:43.458005+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:04:42.314313+00:00 Debian Oval Importer Fixing VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T03:01:24.029959+00:00 Debian Oval Importer Fixing VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:39:32.540523+00:00 Debian Oval Importer Fixing VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:34:34.394867+00:00 Debian Oval Importer Fixing VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T16:43:16.929202+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan None 36.0.0
2025-04-07T16:03:07.305475+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak None 36.0.0
2025-04-07T16:01:21.469562+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag None 36.0.0
2025-04-07T15:42:14.960110+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak None 36.0.0
2025-04-07T14:54:49.025202+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak None 36.0.0
2025-04-07T13:31:15.346778+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam None 36.0.0
2025-04-07T13:01:51.695078+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak None 36.0.0
2025-04-07T12:26:23.954341+00:00 Debian Oval Importer Fixing VCID-125v-6567-aaam None 36.0.0
2025-04-07T12:20:41.245932+00:00 Debian Oval Importer Fixing VCID-24pt-1dej-aaak None 36.0.0