Xiph.org libvorbis 1.3.5

CPE Details

Xiph.org libvorbis 1.3.5
1.3.5
2019-10-17
13h05 +00:00
2019-10-17
13h05 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*

Informations

Vendor

xiph.org

Product

libvorbis

Version

1.3.5

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-20412 2020-12-25 23h00 +00:00 lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
6.5
Moyen
CVE-2017-14160 2017-09-21 12h00 +00:00 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
8.8
Haute
CVE-2017-14632 2017-09-21 05h00 +00:00 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
9.8
Critique
CVE-2017-14633 2017-09-21 05h00 +00:00 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
6.5
Moyen
CVE-2017-11333 2017-07-31 11h00 +00:00 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
5.5
Moyen