MGASA-2018-0294
- Source
- https://advisories.mageia.org/MGASA-2018-0294.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0294.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2018-0294
- Related
- Published
- 2018-06-24T22:02:29Z
- Modified
- 2018-06-24T21:24:21Z
- Summary
- Updated libvorbis packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities:
The barknoisehybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. (CVE-2017-14160)
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. (CVE-2018-10392)
barknoisehybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. (CVE-2018-10393)
- References
-
- https://advisories.mageia.org/MGASA-2018-0294.html
- https://bugs.mageia.org/show_bug.cgi?id=23145
- https://lists.opensuse.org/opensuse-updates/2018-05/msg00067.html
- http://lists.suse.com/pipermail/sle-security-updates/2018-June/004158.html
- https://lists.opensuse.org/opensuse-updates/2018-06/msg00047.html
- Credits
-
-
- Mageia - COORDINATOR
-