
CVE-2018-10393

Published: 26 April 2018

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: libvorbis (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Needed
cosmic     Not vulnerable (1.3.6-2)
disco      Not vulnerable (1.3.6-2)
eoan       Not vulnerable (1.3.6-2)
focal      Not vulnerable (1.3.6-2)
groovy     Not vulnerable (1.3.6-2)
hirsute    Not vulnerable (1.3.6-2)
impish     Not vulnerable (1.3.6-2)
jammy      Not vulnerable (1.3.6-2)
precise    Does not exist
trusty     Does not exist (trusty was needed)
upstream   Released (1.3.7,1.3.6-2)
xenial     Released (1.3.5-3ubuntu0.2+esm1)

Notes

Author: mdeslaur
Note: same patch as CVE-2017-14160

Author: rodrigo-zaiden
Note: there is a recent follow up commit that could also be added when patching this CVE (and CVE-2017-14160)
https://gitlab.xiph.org/xiph/vorbis/commit/a9eb99a5
focal does not have this last patch, but with the first patch, I understand that it is safe enough.
