Advisories ยป MGASA-2018-0070

Updated libvorbis packages fix security vulnerabilities

Publication date: 12 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-14632 , CVE-2017-14633


Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().