Note:
This project will be discontinued after December 13, 2021. [more]
2018-04-26
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
| Products | Debian_linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Libvorbis |
| Type | Out-of-bounds Read (CWE-125) Out-of-bounds Write (CWE-787) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/202003-36
• https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html • https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html • https://access.redhat.com/errata/RHSA-2019:3703 • https://gitlab.xiph.org/xiph/vorbis/issues/2335 |