Search CVE reports
1 – 10 of 19 results
CVE-2018-9527
Medium priorityIn vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | — | — | — | Not affected | Not affected |
CVE-2018-5147
Medium prioritySome fixes available 7 of 8
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
3 affected packages
firefox, firefox-esr, libvorbisidec
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | Fixed | Fixed |
| firefox-esr | — | — | — | Not in release | Not in release |
| libvorbisidec | — | — | — | Not affected | Fixed |
CVE-2018-10393
Low prioritySome fixes available 1 of 3
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | Not affected | Not affected | Not affected | Vulnerable | Fixed |
CVE-2018-10392
Low prioritySome fixes available 1 of 3
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified...
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | Not affected | Not affected | Not affected | Vulnerable | Fixed |
CVE-2018-5146
Medium priorityAn out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
4 affected packages
firefox, firefox-esr, libvorbis, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | Not affected | Fixed |
| firefox-esr | — | — | — | Not in release | Not in release |
| libvorbis | — | — | — | Not affected | Fixed |
| thunderbird | — | — | — | Fixed | Fixed |
CVE-2017-14160
Low prioritySome fixes available 1 of 4
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | Not affected | Not affected | Not affected | Vulnerable | Fixed |
CVE-2017-14633
Medium prioritySome fixes available 3 of 4
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | — | — | — | — | Fixed |
CVE-2017-14632
Medium prioritySome fixes available 3 of 4
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | — | — | — | — | Fixed |
CVE-2017-11333
Low prioritySome fixes available 3 of 4
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
1 affected packages
libvorbis
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libvorbis | — | — | — | Not affected | Fixed |
CVE-2012-0444
Medium prioritySome fixes available 19 of 29
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of...
6 affected packages
firefox, libvorbis, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| libvorbis | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
| xulrunner-2.0 | — | — | — | — | — |