VulnerableCode Package Details - pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

Search for packages

Package details: pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

Essentials
History (11)

purl	pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2

Next non-vulnerable version	1.3.6-2
Latest non-vulnerable version	1.3.6-2
Risk	10.0

Vulnerabilities affecting this package (7)

Vulnerability	Summary	Fixed by
VCID-28vq-2q8e-ykcc Aliases: CVE-2018-10393	bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.	1.3.6-2 Affected by 0 other vulnerabilities.
VCID-6esn-a37s-9yfk Aliases: CVE-2017-11333	security update	1.3.6-2 Affected by 0 other vulnerabilities.
VCID-cfj9-8yvv-wbhj Aliases: CVE-2018-10392	mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.	1.3.6-2 Affected by 0 other vulnerabilities.
VCID-hfum-jn9c-b7a5 Aliases: CVE-2017-14633		1.3.6-2 Affected by 0 other vulnerabilities.
VCID-jcag-bxq7-9qhu Aliases: CVE-2018-5146	An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.	1.3.6-2 Affected by 0 other vulnerabilities.
VCID-qh9t-8bch-quac Aliases: CVE-2017-14632		1.3.6-2 Affected by 0 other vulnerabilities.
VCID-sed4-3epn-mfch Aliases: CVE-2017-14160		1.3.6-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-6esn-a37s-9yfk	security update	CVE-2017-11333
VCID-hfum-jn9c-b7a5		CVE-2017-14633
VCID-jcag-bxq7-9qhu	An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.	CVE-2018-5146
VCID-qh9t-8bch-quac		CVE-2017-14632

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:59:51.969018+00:00	Debian Oval Importer	Affected by	VCID-qh9t-8bch-quac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:46:08.701388+00:00	Debian Oval Importer	Affected by	VCID-sed4-3epn-mfch	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:08:50.969538+00:00	Debian Oval Importer	Affected by	VCID-cfj9-8yvv-wbhj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:47:58.614105+00:00	Debian Oval Importer	Affected by	VCID-hfum-jn9c-b7a5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:43:35.433712+00:00	Debian Oval Importer	Affected by	VCID-6esn-a37s-9yfk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:43:01.055647+00:00	Debian Oval Importer	Affected by	VCID-28vq-2q8e-ykcc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:23:46.083848+00:00	Debian Oval Importer	Affected by	VCID-jcag-bxq7-9qhu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:07:37.295939+00:00	Debian Oval Importer	Fixing	VCID-jcag-bxq7-9qhu	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T11:04:29.911744+00:00	Debian Oval Importer	Fixing	VCID-qh9t-8bch-quac	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:43:51.977667+00:00	Debian Oval Importer	Fixing	VCID-6esn-a37s-9yfk	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:39:08.816993+00:00	Debian Oval Importer	Fixing	VCID-hfum-jn9c-b7a5	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0