CVE-2017-14160

Note

same patch as CVE-2018-10393.
there is a recent follow up commit that could also be
added when patching this CVE (and CVE-2018-10393)
https://gitlab.xiph.org/xiph/vorbis/commit/a9eb99a5
focal does not have this last patch, but with the first
patch, I understand that it is safe enough.

Package	Release	Status
libvorbis Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Needed
	cosmic	Not vulnerable (1.3.6-1)
	disco	Not vulnerable (1.3.6-1)
	eoan	Not vulnerable (1.3.6-1)
	impish	Not vulnerable (1.3.6-1)
	groovy	Not vulnerable (1.3.6-1)
	hirsute	Not vulnerable (1.3.6-1)
	jammy	Not vulnerable (1.3.6-1)
	upstream	Released (1.3.7,1.3.6-2)
	xenial	Released (1.3.5-3ubuntu0.2+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	kinetic	Not vulnerable (1.3.6-1)
	lunar	Not vulnerable (1.3.6-1)
	focal	Not vulnerable (1.3.6-1)
	trusty	Does not exist (trusty was needed)
	zesty	Ignored (end of life)
	mantic	Not vulnerable (1.3.6-1)
	Patches: upstream: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 upstream: https://gitlab.xiph.org/xiph/vorbis/commit/a9eb99a5bd6f2d7da02d6cd13a428baf3a1bf48c

Parameter	Value
Base score	8.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Security

CVE-2017-14160

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading