Your submission was sent successfully! Close

CVE-2018-10392

Published: 26 April 2018

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Priority

Low

CVSS 3 base score: 8.8

Status

Package Release Status
libvorbis
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Needed

cosmic Not vulnerable
(1.3.6-1)
disco Not vulnerable
(1.3.6-1)
eoan Not vulnerable
(1.3.6-1)
focal Not vulnerable
(1.3.6-1)
groovy Not vulnerable
(1.3.6-1)
hirsute Not vulnerable
(1.3.6-1)
impish Not vulnerable
(1.3.6-1)
jammy Not vulnerable
(1.3.6-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.3.7,1.3.6-2)
xenial
Released (1.3.5-3ubuntu0.2+esm1)