Bug#876779: libvorbis: CVE-2017-14632

Salvatore Bonaccorso carnil at debian.org
Mon Sep 25 19:49:33 UTC 2017


Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.xiph.org/xiph/vorbis/issues/2328

Hi,

the following vulnerability was published for libvorbis.

CVE-2017-14633[0]:
| In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
| exists in the function mapping0_forward() in mapping0.c, which may lead
| to DoS when operating on a crafted audio file with vorbis_analysis().

The reproducer was not attached to the upstream issue, since it looks like
it was not possible for the reporter to include it in the report.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14633
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
[1] https://gitlab.xiph.org/xiph/vorbis/issues/2328

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the pkg-xiph-maint mailing list