{"id":"MGASA-2018-0084","summary":"Updated libvorbis packages fix security vulnerabilities","details":"Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing\nuninitialized memory in the function vorbis_analysis_headerout() in\ninfo.c when vi-\u003echannels\u003c=0, a similar issue to Mozilla bug 550184\n(CVE-2017-14632).\n\nIn Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability\nexists in the function mapping0_forward() in mapping0.c, which may lead\nto DoS when operating on a crafted audio file with vorbis_analysis()\n(CVE-2017-14633).\n","modified":"2026-02-04T03:35:34.952183Z","published":"2018-01-14T16:54:13Z","related":["CVE-2017-14632","CVE-2017-14633"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0084.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22378"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-01/msg00015.html"}],"affected":[{"package":{"name":"libvorbis","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libvorbis?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.5-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0084.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}