Bug#870342: libvorbis: CVE-2017-11735
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 1 09:04:33 UTC 2017
Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for libvorbis, can you
please double-check the report.
CVE-2017-11735[0]:
| The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis
| 1.3.5 allows remote attackers to cause a denial of service (NULL
| pointer dereference and application crash) via a crafted ogg file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11735
[1] http://seclists.org/fulldisclosure/2017/Jul/82
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-xiph-maint
mailing list