Your submission was sent successfully! Close

CVE-2018-5146

Published: 16 March 2018

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
artful
Released (59.0.1+build1-0ubuntu0.17.10.1)
bionic Not vulnerable

precise Does not exist

trusty Does not exist
(trusty was released [59.0.1+build1-0ubuntu0.14.04.1])
upstream
Released (59.0.1)
xenial
Released (59.0.1+build1-0ubuntu0.16.04.1)
firefox-esr
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (52.7.2)
xenial Does not exist

libvorbis
Launchpad, Ubuntu, Debian
artful
Released (1.3.5-4ubuntu0.2)
bionic Not vulnerable
(1.3.5-4.2)
precise Does not exist

trusty Does not exist
(trusty was released [1.3.2-1.3ubuntu1.2])
upstream Needs triage

xenial
Released (1.3.5-3ubuntu0.2)
Patches:
upstream: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
thunderbird
Launchpad, Ubuntu, Debian
artful
Released (1:52.7.0+build1-0ubuntu0.17.10.1)
bionic
Released (1:52.7.0+build1-0ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was released [1:52.7.0+build1-0ubuntu0.14.04.1])
upstream
Released (52.7.0)
xenial
Released (1:52.7.0+build1-0ubuntu0.16.04.1)