{"id":"CVE-2018-10393","details":"bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.","modified":"2026-05-18T05:50:17.758990838Z","published":"2018-04-26T05:29:00.403Z","related":["ALSA-2019:3703","SUSE-SU-2018:1321-1","SUSE-SU-2018:1324-1","openSUSE-SU-2024:11009-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux","extracted_events":[{"last_affected":"8.0"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_eus","extracted_events":[{"last_affected":"8.1"},{"last_affected":"8.2"},{"last_affected":"8.4"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server_aus","extracted_events":[{"last_affected":"8.2"},{"last_affected":"8.4"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_tus","extracted_events":[{"last_affected":"8.2"},{"last_affected":"8.4"}]}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3703"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-36"},{"type":"REPORT","url":"https://gitlab.xiph.org/xiph/vorbis/issues/2334"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.xiph.org/xiph/vorbis","events":[{"introduced":"0"},{"last_affected":"d22c3ab5f633460abc2532feee60ca0892134cbf"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.3.6"}],"cpe":"cpe:2.3:a:xiph.org:libvorbis:1.3.6:*:*:*:*:*:*:*"}}],"versions":["v1.3.6","v1.3.5","v1.3.4","v1.3.3","v1.3.2","v1.3.1","v1.2.3","v1.2.2","v1.2.2rc1","v1.2.0","v1.1.2","v1.1.1","v1.1.0","v1.1.0rc1","v1.0.1","v1.0.0","v1.0.0rc4-internal","v1.0.0rc2","v1.0.0rc1","v1.0.0beta4","v1.0.0beta3","v1.0.0beta2-debian","v1.0.0beta2","v1.0.0beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10393.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}