Summary: | <media-libs/libvorbis-1.3.6: Denial of Service and Remote Code Execution vulnerability (CVE-2017-{14632,14633}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | maracay, sergeev917, sound |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | C2 [noglsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 650654 | | |
Bug Blocks: | | | |

Description
Aleksandr Wagner (Kivak)
2017-09-21 12:38:23 UTC
CVE-2017-14633 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14633):

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

CVE-2017-14632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14632):

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14632 allows remote code execution - seems pretty bad to me. I know upstream haven't released 1.3.6 yet but are there any plans to backport the fix? The fix upstream is a simple 1-liner: https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f

The fix for CVE-2017-14633 is 1 simple line too: https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b027a1630d19999f03a141f7d1be13d285571f6

commit 8b027a1630d19999f03a141f7d1be13d285571f6
Author: Alexis Ballier <aballier@gentoo.org>
AuthorDate: 2018-03-17 13:43:20 +0000
Commit: Alexis Ballier <aballier@gentoo.org>
CommitDate: 2018-03-17 13:43:30 +0000

media-libs/libvorbis: bump to 1.3.6

Bug: https://bugs.gentoo.org/631632
Bug: https://bugs.gentoo.org/650654
Package-Manager: Portage-2.3.24, Repoman-2.3.6

media-libs/libvorbis/Manifest | 1 +
media-libs/libvorbis/libvorbis-1.3.6.ebuild | 40 +++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)

GLSA Vote: No