USN-3604-1: libvorbis vulnerability

22 March 2018

libvorbis vulnerability


  • libvorbis - The Vorbis General Audio Compression Codec


Richard Zhu discovered that libvorbis incorrectly handled certain sound
files. An attacker could use this to cause libvorbis to crash, resulting in
a denial or service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
Ubuntu 16.04
Ubuntu 14.04

After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.