VulnerableCode Package Details - pkg:deb/ubuntu/libvorbis@1.3.6-1

Search for packages

Package details: pkg:deb/ubuntu/libvorbis@1.3.6-1

Essentials
History (0)

purl	pkg:deb/ubuntu/libvorbis@1.3.6-1

Next non-vulnerable version	1.3.6-2
Latest non-vulnerable version	1.3.6-2
Risk	3.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-h9pz-jgxg-aaak Aliases: CVE-2018-10393	bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.	1.3.6-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-5qxt-rvzs-aaan	The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.	CVE-2017-14160
VCID-z8nu-tk5t-aaag	mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.	CVE-2018-10392

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version