CVE-2017-14632

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbisanalysisheaderout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

References

Affected packages

Git / gitlab.xiph.org/xiph/vorbis

Affected ranges

Type

GIT

Repo

https://gitlab.xiph.org/xiph/vorbis

Events

Introduced

Last affected

f4093202cb226b360d0edf8a948aa71142cec657

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.5"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.0beta1

v1.0.0beta2

v1.0.0beta2-debian

v1.0.0beta3

v1.0.0beta4

v1.0.0rc1

v1.0.0rc2

v1.0.0rc4-internal

v1.0.1

v1.1.0

v1.1.0rc1

v1.1.1

v1.1.2

v1.2.0

v1.2.2

v1.2.2rc1

v1.2.3

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.10"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14632.json"