{ "schema_version": "1.7.0", "id": "MGASA-2026-0191", "published": "2026-06-10T05:07:06Z", "modified": "2026-06-10T04:05:53Z", "summary": "Updated libxmp packages fix security vulnerabilities", "details": "CVE-2023-45679: Attempt to free an uninitialized memory pointer in\nvorbis_deinit()\nCVE-2023-45680: Null pointer dereference in vorbis_deinit()\nCVE-2023-45681: Out of bounds heap buffer write\nCVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()\nCVE-2023-45677: Heap buffer out of bounds write in start_decoder()\nCVE-2023-45682: Wild address read in vorbis_decode_packet_rest()\nCVE-2025-47256 stack-based buffer overflow in depack_pha in\nloaders/prowizard/pha.c via a malformed Pha format tracker module in a\n.mod file.\n", "upstream": [ "CVE-2023-45676", "CVE-2023-45677", "CVE-2023-45679", "CVE-2023-45680", "CVE-2023-45681", "CVE-2023-45682", "CVE-2025-47256" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0191.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=33915" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVZWMTH36ES7RCJEMRANBDTL76QBE75Z/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKMOFYKVMD2LPU7O33SEH2RGSY2ZE73K/" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "libxmp", "purl": "pkg:rpm/mageia/libxmp?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.5.0-2.1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }