{"id":"MGASA-2018-0294","summary":"Updated libvorbis packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nThe bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows \nremote attackers to cause a denial of service (out-of-bounds access and \napplication crash) or possibly have unspecified other impact via a crafted mp4 \nfile. (CVE-2017-14160)\n\nmapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the \nnumber of channels, which allows remote attackers to cause a denial of service \n(heap-based buffer overflow or over-read) or possibly have unspecified other \nimpact via a crafted file. (CVE-2018-10392)\n\nbark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based \nbuffer over-read. (CVE-2018-10393)\n","modified":"2026-04-16T01:47:52.083634045Z","published":"2018-06-24T22:02:29Z","upstream":["CVE-2017-14160","CVE-2018-10392","CVE-2018-10393"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0294.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23145"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-05/msg00067.html"},{"type":"WEB","url":"http://lists.suse.com/pipermail/sle-security-updates/2018-June/004158.html"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-06/msg00047.html"}],"affected":[{"package":{"name":"libvorbis","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libvorbis?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.5-1.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0294.json"}},{"package":{"name":"libvorbis","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libvorbis?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.5-2.4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0294.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}