PT-2018-3540 · Xiph.Org+7 · Libvorbis+7

Jiangxin

Published

2018-04-25

Updated

2024-06-15

CVE-2018-10393

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: libvorbis version 1.3.6

Description: The issue is related to a stack-based buffer over-read in the bark noise hybridmp function in psy.c of the libvorbis library. This can potentially allow a remote attacker to cause a denial of service.

Recommendations: For libvorbis version 1.3.6, consider updating to a newer version that addresses this issue, as the current version has a stack-based buffer over-read in the bark noise hybridmp function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2019:3703

ALT-PU-2019-1138

ALT-PU-2020-2647

AZL-7277

BDU:2020-03314

CESA-2019_3703

CVE-2018-10393

DLA-2013-1

DLA-2828-1

MGASA-2018-0294

OPENSUSE-SU-2018_1345-1

OPENSUSE-SU-2024:11009-1

RHSA-2019:3703

RHSA-2019_3703

RLSA-2019:3703

SUSE-SU-2018:1321-1

SUSE-SU-2018:1324-1

USN-5420-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

Libvorbis

PT-2018-3540 · Xiph.Org+7 · Libvorbis+7

CVE-2018-10393

Weakness Enumeration

Related Identifiers

Affected Products

References · 60