Advisories ยป MGASA-2018-0294

Updated libvorbis packages fix security vulnerabilities

Publication date: 24 Jun 2018
Modification date: 24 Jun 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-14160 , CVE-2018-10392 , CVE-2018-10393

Description

The updated packages fix security vulnerabilities:

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows 
remote attackers to cause a denial of service (out-of-bounds access and 
application crash) or possibly have unspecified other impact via a crafted mp4 
file. (CVE-2017-14160)

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the 
number of channels, which allows remote attackers to cause a denial of service 
(heap-based buffer overflow or over-read) or possibly have unspecified other 
impact via a crafted file. (CVE-2018-10392)

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based 
buffer over-read. (CVE-2018-10393)
                

References

SRPMS

6/core

5/core