CVE-2017-14160

Published: 21 September 2017

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

Priority

Low

CVSS 3 base score: 8.8

Status

Package: libvorbis (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Needed
cosmic     Not vulnerable (1.3.6-1)
disco      Not vulnerable (1.3.6-1)
eoan       Not vulnerable (1.3.6-1)
focal      Not vulnerable (1.3.6-1)
groovy     Not vulnerable (1.3.6-1)
hirsute    Not vulnerable (1.3.6-1)
impish     Not vulnerable (1.3.6-1)
jammy      Not vulnerable (1.3.6-1)
precise    Does not exist
trusty     Does not exist (trusty was needed)
upstream   Released (1.3.7,1.3.6-2)
xenial     Released (1.3.5-3ubuntu0.2+esm1)
zesty      Ignored (reached end-of-life)

Notes

Author: rodrigo-zaiden
Note:
Same patch as CVE-2018-10393.
There is a recent follow-up commit that could also be added when patching this CVE (and CVE-2018-10393):
https://gitlab.xiph.org/xiph/vorbis/commit/a9eb99a5
focal does not have this last patch, but with the first patch, I understand that it is safe enough.