RSS   Podatności dla 'Libvorbis'   RSS

2018-04-26
 
CVE-2018-10393

CWE-125
 
 
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

 
 
CVE-2018-10392

CWE-119
 
 
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

 
2017-09-21
 
CVE-2017-14160

 
 
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

 
 
CVE-2017-14633

CWE-125
 
 
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

 
 
CVE-2017-14632

CWE-119
 
 
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

 
2008-05-16
 
CVE-2008-2009

CWE-DesignError
 
 
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

 

 >>> Vendor: XIPH 5 Produkty
Icecast
Libvorbis
Libfishsound
Speex
Vorbis-tools

Copyright 2024, cxsecurity.com

 

Back to Top