Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libvorbis
(Xiph\.org)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-26 | CVE-2020-20412 | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146. | Stepmania, Libvorbis | 6.5 | ||
| 2017-09-21 | CVE-2017-14160 | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. | Debian_linux, Libvorbis | 8.8 | ||
| 2018-04-26 | CVE-2018-10392 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. | Debian_linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Libvorbis | 8.8 | ||
| 2018-04-26 | CVE-2018-10393 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | Debian_linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Libvorbis | 7.5 | ||
| 2017-09-21 | CVE-2017-14633 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | Ubuntu_linux, Debian_linux, Libvorbis | 6.5 | ||
| 2017-09-21 | CVE-2017-14632 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | Ubuntu_linux, Debian_linux, Libvorbis | 9.8 | ||
| 2008-05-16 | CVE-2008-2009 | Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function. | Ubuntu_linux, Libvorbis | N/A | ||
| 2017-07-31 | CVE-2017-11333 | The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | Libvorbis | 5.5 | ||
| 2008-05-16 | CVE-2008-1423 | Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. | Libvorbis | N/A | ||
| 2008-05-16 | CVE-2008-1420 | Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. | Libvorbis | N/A |