{"id":"USN-5420-1","summary":"libvorbis vulnerabilities","details":"It was discovered that Vorbis incorrectly handled certain files.\nAn attacker could possibly use this issue to cause a denial of service,\nor possibly execute arbitrary code.\n(CVE-2017-14160, CVE-2018-10392, CVE-2018-10393)\n","modified":"2026-05-20T16:05:38.146214724Z","published":"2022-05-12T15:44:18Z","related":["UBUNTU-CVE-2017-14160","UBUNTU-CVE-2018-10392","UBUNTU-CVE-2018-10393"],"upstream":["CVE-2017-14160","CVE-2018-10392","CVE-2018-10393","UBUNTU-CVE-2017-14160","UBUNTU-CVE-2018-10392","UBUNTU-CVE-2018-10393"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5420-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-14160"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10392"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-10393"}],"affected":[{"package":{"name":"libvorbis","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libvorbis?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.5-3ubuntu0.2+esm1"}]}],"versions":["1.3.4-2","1.3.4-3","1.3.5-2","1.3.5-3","1.3.5-3ubuntu0.1","1.3.5-3ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.3.5-3ubuntu0.2+esm1","binary_name":"libvorbis0a"},{"binary_version":"1.3.5-3ubuntu0.2+esm1","binary_name":"libvorbisfile3"},{"binary_version":"1.3.5-3ubuntu0.2+esm1","binary_name":"libvorbisenc2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5420-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.5"}