Search for packages
Package details: pkg:deb/ubuntu/libvorbis@1.3.5-4
purl pkg:deb/ubuntu/libvorbis@1.3.5-4
Next non-vulnerable version 1.3.6-2
Latest non-vulnerable version 1.3.6-2
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-125v-6567-aaam
Aliases:
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
1.3.5-4.2
Affected by 3 other vulnerabilities.
VCID-1n2s-g3w5-aaak
Aliases:
CVE-2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
1.3.5-4.1
Affected by 4 other vulnerabilities.
VCID-5qxt-rvzs-aaan
Aliases:
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
1.3.6-1
Affected by 1 other vulnerability.
VCID-h9pz-jgxg-aaak
Aliases:
CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
1.3.6-2
Affected by 0 other vulnerabilities.
VCID-z8nu-tk5t-aaag
Aliases:
CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
1.3.6-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version