PT-2017-4208 · Xiph.Org+3 · Libvorbis+3

Published: 2017-09-21 · Updated: 2024-06-15 · CVE-2017-14160

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libvorbis version 1.3.5

Description

The issue is in the bark_noise_hybridmp function in the psy.c component of the Vorbis multimedia library. It involves an out-of-bounds memory access, which a remote attacker can trigger with a specially crafted mp4 file. Exploitation can lead to unauthorized access to confidential data, disruption of data integrity, and denial of service, causing the application to crash.

Recommendations

For libvorbis version 1.3.5, consider disabling the bark_noise_hybridmp function in the psy.c component as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the psy.c component to minimize the risk of exploitation. Avoid using the bark_noise_hybridmp function with crafted mp4 files until the issue is resolved.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1863
ALT-PU-2019-1138
BDU:2022-05863
CVE-2017-14160
DLA-2013-1
DLA-2828-1
MGASA-2018-0294
OPENSUSE-SU-2018_1345-1
OPENSUSE-SU-2024:11009-1
SUSE-SU-2018:1321-1
SUSE-SU-2018:1324-1
SUSE-SU-2018_1321-1
SUSE-SU-2018_1324-1
USN-5420-1

Affected Products

Alt Linux
Suse
Ubuntu
Libvorbis