PT-2018-3539 · Xiph.Org+7 · Libvorbis+7

Jiangxin

Publicado

2018-04-25

Atualizado

2024-06-15

CVE-2018-10392

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libvorbis version 1.3.6

Description: The issue is related to the mapping0 forward function in the mapping0.c file of the libvorbis multimedia library. It involves a buffer overflow in memory due to an operation exceeding the buffer's boundaries. This can be exploited by a remote attacker to cause a denial of service or potentially execute arbitrary code via a crafted file.

Recommendations: For libvorbis version 1.3.6, consider updating to a newer version that addresses the buffer overflow issue in the mapping0 forward function. As a temporary workaround, restrict the use of crafted files that could exploit this vulnerability.

Exploit

Correção

DoS

Buffer Overflow

Memory Corruption

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787CWE-125

Identificadores relacionados

ALSA-2019:3703

ALT-PU-2019-1138

ALT-PU-2020-2647

AZL-7276

BDU:2020-03313

CESA-2019_3703

CVE-2018-10392

DLA-2013-1

DLA-2828-1

MGASA-2018-0294

OPENSUSE-SU-2018_1622-1

OPENSUSE-SU-2018_1953-1

OPENSUSE-SU-2024:11009-1

RHSA-2019:3703

RHSA-2019_3703

RLSA-2019:3703

SUSE-SU-2018:1563-1

SUSE-SU-2018:1565-1

SUSE-SU-2018:1885-1

SUSE-SU-2018_1563-1

SUSE-SU-2018_1565-1

SUSE-SU-2018_1885-1

USN-5420-1

Produtos afetados

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Libvorbis

PT-2018-3539 · Xiph.Org+7 · Libvorbis+7

CVE-2018-10392

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60