{"id":"CVE-2017-14632","details":"Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi-\u003echannels\u003c=0, a similar issue to Mozilla bug 550184.","modified":"2026-03-20T11:19:12.746917Z","published":"2017-09-21T07:29:00.390Z","related":["MGASA-2018-0070","MGASA-2018-0084","SUSE-SU-2018:0015-1","SUSE-SU-2018:0016-1","openSUSE-SU-2024:11009-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3569-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4113"},{"type":"ADVISORY","url":"https://gitlab.xiph.org/xiph/vorbis/issues/2328"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.xiph.org/xiph/vorbis","events":[{"introduced":"0"},{"last_affected":"f4093202cb226b360d0edf8a948aa71142cec657"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.5"}]}}],"versions":["v1.0.0","v1.0.0beta1","v1.0.0beta2","v1.0.0beta2-debian","v1.0.0beta3","v1.0.0beta4","v1.0.0rc1","v1.0.0rc2","v1.0.0rc4-internal","v1.0.1","v1.1.0","v1.1.0rc1","v1.1.1","v1.1.2","v1.2.0","v1.2.2","v1.2.2rc1","v1.2.3","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14632.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}