Jiangxin

Name of the Vulnerable Software and Affected Versions: libvorbis version 1.3.6 Description: The issue is related to the `mapping0 forward` function in the `mapping0.c` file of the libvorbis multimedia library. It involves a buffer overflow in memory due to an operation exceeding the buffer's boundaries. This can be exploited by a remote attacker to cause a denial of service or potentially execute arbitrary code via a crafted file. Recommendations: For libvorbis version 1.3.6, consider updating to a newer version that addresses the buffer overflow issue in the `mapping0 forward` function. As a temporary workaround, restrict the use of crafted files that could exploit this vulnerability.

Name of the Vulnerable Software and Affected Versions: libvorbis version 1.3.6 Description: The issue is related to a stack-based buffer over-read in the `bark noise hybridmp` function in `psy.c` of the libvorbis library. This can potentially allow a remote attacker to cause a denial of service. Recommendations: For libvorbis version 1.3.6, consider updating to a newer version that addresses this issue, as the current version has a stack-based buffer over-read in the `bark noise hybridmp` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xiph.Org libvorbis version 1.3.5 **Description** The issue allows for remote code execution due to the freeing of uninitialized memory. This occurs in the `vorbis analysis headerout()` function in info.c when the condition `vi->channels<=0` is met. The problem is similar to a previously identified issue in Mozilla, bug 550184. **Recommendations** For Xiph.Org libvorbis version 1.3.5, consider avoiding the use of the `vorbis analysis headerout()` function until a patch is available, especially when `vi->channels` is less than or equal to 0. As a temporary workaround, restrict the execution of this function with the specified condition to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue is related to a memory leak in the audio/audio.c component of QEMU, which allows remote attackers to cause a denial of service by consuming memory. This can be achieved by repeatedly starting and stopping audio capture. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (aka Quick Emulator) versions (affected versions not specified) **Description** The issue allows local guest OS privileged users to cause a denial of service, resulting in a divide-by-zero error and QEMU process crash. This is achieved through vectors involving blit pitch values when cirrus graphics mode is set to VGA. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qemu (affected versions not specified) **Description** The issue is related to a divide by zero problem that can occur when copying VGA data in cirrus graphics mode set to VGA. This could allow a privileged user inside a guest to crash the Qemu process instance on the host, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.