Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 19 results


CVE-2018-9527

Medium priority
Not affected

In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Not affected Not affected
Show less packages

CVE-2018-5147

Medium priority

Some fixes available 7 of 8

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.

3 affected packages

firefox, firefox-esr, libvorbisidec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed
firefox-esr Not in release Not in release
libvorbisidec Not affected Fixed
Show less packages

CVE-2018-10393

Low priority

Some fixes available 1 of 3

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2018-10392

Low priority

Some fixes available 1 of 3

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified...

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2018-5146

Medium priority
Fixed

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

4 affected packages

firefox, firefox-esr, libvorbis, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Fixed
firefox-esr Not in release Not in release
libvorbis Not affected Fixed
thunderbird Fixed Fixed
Show less packages

CVE-2017-14160

Low priority

Some fixes available 1 of 4

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Not affected Not affected Not affected Vulnerable Fixed
Show less packages

CVE-2017-14633

Medium priority

Some fixes available 3 of 4

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Fixed
Show less packages

CVE-2017-14632

Medium priority

Some fixes available 3 of 4

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Fixed
Show less packages

CVE-2017-11333

Low priority

Some fixes available 3 of 4

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

1 affected packages

libvorbis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libvorbis Not affected Fixed
Show less packages

CVE-2012-0444

Medium priority

Some fixes available 19 of 29

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of...

6 affected packages

firefox, libvorbis, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox
libvorbis
seamonkey
thunderbird
xulrunner-1.9.2
xulrunner-2.0
Show less packages