PT-2018-1890 · Mozilla+6 · Firefox ESR+8
Richard Zhu · Published 2018-03-16 · Updated 2024-12-12 · CVE-2018-5146
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libvorbis (affected versions not specified)
Firefox versions prior to 59.0.1
Firefox ESR versions prior to 52.7.2
Thunderbird versions prior to 52.7
Description
The issue is related to an error in the libvorbis multimedia library, causing a read beyond the allocated buffer memory. This can be exploited by a remote attacker using specially crafted Vorbis audio data to cause a denial of service or compromise data confidentiality and integrity. The vulnerability was reported through the Pwn2Own contest and is associated with an out-of-bounds memory write while processing Vorbis audio data.
Recommendations
For libvorbis, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Firefox versions prior to 59.0.1, update to version 59.0.1 or later.
For Firefox ESR versions prior to 52.7.2, update to version 52.7.2 or later.
For Thunderbird versions prior to 52.7, update to version 52.7 or later.
Exploit
Memory Corruption
Affected Products
ALT Linux
CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Thunderbird
Ubuntu
libvorbis