PT-2017-4208 · Xiph.Org+3 · Libvorbis+3

Published 2017-09-21 · Updated 2024-06-15 · CVE-2017-14160

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: libvorbis version 1.3.5
Description: The issue is in the bark_noise_hybridmp function in the psy.c component of the Vorbis multimedia library. It is an out-of-bounds memory access that a remote attacker can exploit using a specially crafted mp4 file. Exploitation can lead to unauthorized access to confidential data, disruption of data integrity, and denial of service, causing the application to crash.
Recommendations: For libvorbis version 1.3.5, consider disabling the bark_noise_hybridmp function in the psy.c component as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the psy.c component to minimize the risk of exploitation. Avoid using the bark_noise_hybridmp function with crafted mp4 files until the issue is resolved.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2018-1863
ALT-PU-2019-1138
BDU:2022-05863
CVE-2017-14160
DLA-2013-1
DLA-2828-1
MGASA-2018-0294
OPENSUSE-SU-2018_1345-1
OPENSUSE-SU-2024:11009-1
SUSE-SU-2018:1321-1
SUSE-SU-2018:1324-1
SUSE-SU-2018_1321-1
SUSE-SU-2018_1324-1
USN-5420-1

Affected Products

Alt Linux
Suse
Ubuntu
Libvorbis