PT-2018-3539 · Xiph.Org+7 · Libvorbis+7

Jiangxin · Published 2018-04-25 · Updated 2024-06-15 · CVE-2018-10392

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: libvorbis version 1.3.6
Description: The issue is in the mapping0_forward function in the mapping0.c file of the libvorbis multimedia library. It is a memory buffer overflow caused by an operation that exceeds the buffer's boundaries. A remote attacker can exploit it with a crafted file to cause a denial of service or potentially execute arbitrary code.
Recommendations: For libvorbis version 1.3.6, consider updating to a newer version that addresses the buffer overflow in the mapping0_forward function. As a temporary workaround, restrict the use of files that could be crafted to exploit this vulnerability.

Exploit · Fix · DoS · Buffer Overflow · Memory Corruption · Out-of-bounds Read

Related Identifiers

ALSA-2019:3703
ALT-PU-2019-1138
ALT-PU-2020-2647
AZL-7276
BDU:2020-03313
CESA-2019_3703
CVE-2018-10392
DLA-2013-1
DLA-2828-1
MGASA-2018-0294
OPENSUSE-SU-2018_1622-1
OPENSUSE-SU-2018_1953-1
OPENSUSE-SU-2024:11009-1
RHSA-2019:3703
RHSA-2019_3703
RLSA-2019:3703
SUSE-SU-2018:1563-1
SUSE-SU-2018:1565-1
SUSE-SU-2018:1885-1
SUSE-SU-2018_1563-1
SUSE-SU-2018_1565-1
SUSE-SU-2018_1885-1
USN-5420-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu
libvorbis