Bug#876780: libvorbis: CVE-2017-14160
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 25 20:13:45 UTC 2017
Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libvorbis.
CVE-2017-14160[0]:
| The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5
| allows remote attackers to cause a denial of service (out-of-bounds
| access and application crash) or possibly have unspecified other impact
| via a crafted mp4 file.
See [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14160
[1] http://www.openwall.com/lists/oss-security/2017/09/21/3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-xiph-maint
mailing list