Bug#870341: libvorbis: CVE-2017-11333
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 1 09:02:48 UTC 2017
Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libvorbis, can you
double-check the report.
CVE-2017-11333[0]:
| The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis
| 1.3.5 allows remote attackers to cause a denial of service (OOM) via a
| crafted wav file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333
[1] http://seclists.org/fulldisclosure/2017/Jul/82
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-xiph-maint
mailing list