Search for packages
Package details: pkg:deb/debian/libvorbis@1.3.4-2
purl pkg:deb/debian/libvorbis@1.3.4-2
Next non-vulnerable version 1.3.6-2
Latest non-vulnerable version 1.3.6-2
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-125v-6567-aaam
Aliases:
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
1.3.4-2+deb8u1
Affected by 7 other vulnerabilities.
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-1n2s-g3w5-aaak
Aliases:
CVE-2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-24pt-1dej-aaak
Aliases:
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-5qxt-rvzs-aaan
Aliases:
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-h9pz-jgxg-aaak
Aliases:
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-k1vq-z733-aaak
Aliases:
CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
1.3.5-4+deb9u2
Affected by 7 other vulnerabilities.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-z8nu-tk5t-aaag
Aliases:
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
1.3.6-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:17:18.442987+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T16:30:58.311762+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:53:31.335653+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:57:02.515448+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:37:05.014008+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:10:42.101831+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:38.176868+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:04:48.278010+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:04:07.014008+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:58:07.910265+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:24:44.198346+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:18:29.473331+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T09:53:01.811895+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T00:43:35.366591+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan None 36.1.3
2025-06-21T00:05:52.883012+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak None 36.1.3
2025-06-21T00:04:10.778703+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag None 36.1.3
2025-06-20T22:59:49.491205+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak None 36.1.3
2025-06-20T21:03:04.684017+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak None 36.1.3
2025-06-20T19:55:11.416494+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak None 36.1.3
2025-06-20T19:51:53.392101+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam None 36.1.3
2025-06-08T13:02:01.295419+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:46:48.681620+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:34.678014+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:08.856160+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:46:06.452337+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:16:47.637277+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:46:48.088837+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:50:21.340677+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:30:11.760389+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:05:28.153898+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:32.454870+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:12:45.180644+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:34:09.475957+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:31:01.534396+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:10:36.571439+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:06:03.986021+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T03:41:44.152993+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-07T18:06:08.098149+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan None 36.1.0
2025-06-07T17:28:39.517926+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak None 36.1.0
2025-06-07T17:26:58.769799+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag None 36.1.0
2025-06-07T16:23:01.120653+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak None 36.1.0
2025-06-07T14:29:37.650960+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak None 36.1.0
2025-06-07T13:45:27.035663+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak None 36.1.0
2025-06-07T13:43:19.426052+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam None 36.1.0
2025-04-12T22:27:36.084159+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:48:05.030630+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:49:28.192972+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:33:43.163990+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:30:25.852035+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:29:58.808476+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:30:58.712951+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:48:53.375347+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:18:21.941044+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:22:48.319929+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:03:00.188226+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:37:30.494151+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:33.138545+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:43:43.448253+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:04:42.304454+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T03:01:24.019468+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:39:32.530040+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:34:34.384421+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:09:33.541060+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-07T16:43:16.918494+00:00 Debian Oval Importer Affected by VCID-5qxt-rvzs-aaan None 36.0.0
2025-04-07T16:03:07.294625+00:00 Debian Oval Importer Affected by VCID-1n2s-g3w5-aaak None 36.0.0
2025-04-07T16:01:21.458855+00:00 Debian Oval Importer Affected by VCID-z8nu-tk5t-aaag None 36.0.0
2025-04-07T14:54:49.014340+00:00 Debian Oval Importer Affected by VCID-k1vq-z733-aaak None 36.0.0
2025-04-07T13:01:51.684267+00:00 Debian Oval Importer Affected by VCID-h9pz-jgxg-aaak None 36.0.0
2025-04-07T12:20:41.234171+00:00 Debian Oval Importer Affected by VCID-24pt-1dej-aaak None 36.0.0
2025-04-07T12:18:36.860536+00:00 Debian Oval Importer Affected by VCID-125v-6567-aaam None 36.0.0