{"id":"UBUNTU-CVE-2018-1000050","details":"Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.","modified":"2026-05-20T16:03:17.528189304Z","published":"2018-02-09T23:29:00Z","upstream":["CVE-2018-1000050"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1000050"},{"type":"REPORT","url":"https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9"},{"type":"REPORT","url":"https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-1000050"}],"affected":[{"package":{"name":"libstb","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/libstb?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~git20190817.1.052dce1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libstb0","binary_version":"0.0~git20190817.1.052dce1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000050.json"}},{"package":{"name":"libstb","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/libstb?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~git20200713.b42009b+ds-1","0.0~git20210910.af1a5bc+ds-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libstb0","binary_version":"0.0~git20210910.af1a5bc+ds-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000050.json"}},{"package":{"name":"libstb","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/libstb?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~git20230129.5736b15+ds-1","0.0~git20230129.5736b15+ds-1.1","0.0~git20230129.5736b15+ds-1.2"],"ecosystem_specific":{"binaries":[{"binary_name":"libstb0t64","binary_version":"0.0~git20230129.5736b15+ds-1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000050.json"}},{"package":{"name":"libstb","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/libstb?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~git20240715.f7f20f39fe4f+ds-1","0.0~git20241109.5c20573+ds-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libstb0t64","binary_version":"0.0~git20241109.5c20573+ds-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000050.json"}},{"package":{"name":"libstb","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/libstb?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0~git20241109.5c20573+ds-1","0.0~git20250907.fede005+ds-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libstb0t64","binary_version":"0.0~git20250907.fede005+ds-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000050.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}