ALT-PU-2018-1863-1
Closed vulnerabilities
BDU:2022-05863
Уязвимость функции bark_noise_hybridmp компонента psy.c мультимедийной библиотеки Vorbis, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2017-11333
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
- http://seclists.org/fulldisclosure/2017/Jul/82
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html
- https://www.exploit-db.com/exploits/42399/
- http://seclists.org/fulldisclosure/2017/Jul/82
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html
- https://www.exploit-db.com/exploits/42399/
Modified: 2025-04-20
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
- http://openwall.com/lists/oss-security/2017/09/21/2
- http://www.securityfocus.com/bid/101045
- https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
- https://security.gentoo.org/glsa/202003-36
- http://openwall.com/lists/oss-security/2017/09/21/2
- http://www.securityfocus.com/bid/101045
- https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
- https://security.gentoo.org/glsa/202003-36
Modified: 2025-04-20
CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
- https://gitlab.xiph.org/xiph/vorbis/issues/2328
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://usn.ubuntu.com/3569-1/
- https://www.debian.org/security/2018/dsa-4113
- https://gitlab.xiph.org/xiph/vorbis/issues/2328
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://usn.ubuntu.com/3569-1/
- https://www.debian.org/security/2018/dsa-4113
Modified: 2025-04-20
CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
- https://gitlab.xiph.org/xiph/vorbis/issues/2329
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html
- https://usn.ubuntu.com/3569-1/
- https://www.debian.org/security/2018/dsa-4113
- https://gitlab.xiph.org/xiph/vorbis/issues/2329
- https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
- https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html
- https://usn.ubuntu.com/3569-1/
- https://www.debian.org/security/2018/dsa-4113
Modified: 2024-11-21
CVE-2020-20412
lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.