{"id":"CVE-2018-10392","details":"mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.","modified":"2026-03-20T11:21:00.861895Z","published":"2018-04-26T05:29:00.343Z","related":["ALSA-2019:3703","MGASA-2018-0294","SUSE-SU-2018:1563-1","SUSE-SU-2018:1565-1","SUSE-SU-2018:1885-1","openSUSE-SU-2024:11009-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-36"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3703"},{"type":"REPORT","url":"https://gitlab.xiph.org/xiph/vorbis/issues/2335"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.xiph.org/xiph/vorbis","events":[{"introduced":"0"},{"last_affected":"d22c3ab5f633460abc2532feee60ca0892134cbf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.6"}]}}],"versions":["v1.0.0","v1.0.0beta1","v1.0.0beta2","v1.0.0beta2-debian","v1.0.0beta3","v1.0.0beta4","v1.0.0rc1","v1.0.0rc2","v1.0.0rc4-internal","v1.0.1","v1.1.0","v1.1.0rc1","v1.1.1","v1.1.2","v1.2.0","v1.2.2","v1.2.2rc1","v1.2.3","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10392.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}