FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libvorbis -- multiple vulnerabilities

Affected packages
libvorbis < 1.3.6,3

Details

VuXML ID: 64ee858e-e035-4bb4-9c77-2468963dddb8
Discovery: 2018-03-16
Entry: 2018-03-16

NVD reports:

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

References

CVE Name: CVE-2017-14632
CVE Name: CVE-2017-14633