CVE-2017-14633 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633): In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
References: https://gitlab.xiph.org/xiph/vorbis/issues/2329
CVE-2017-14632 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632): Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
References: https://gitlab.xiph.org/xiph/vorbis/issues/2328
CVE-2017-14633 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14633): In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
CVE-2017-14632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14632): Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVE-2017-14632 allows remote code execution - seems pretty bad to me. I know upstream haven't released 1.3.6 yet but are there any plans to backport the fix?
The fix upstream is a simple 1-liner: https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f
The fix for CVE-2017-14633 is 1 simple line too: https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b027a1630d19999f03a141f7d1be13d285571f6

commit 8b027a1630d19999f03a141f7d1be13d285571f6
Author: Alexis Ballier <aballier@gentoo.org>
AuthorDate: 2018-03-17 13:43:20 +0000
Commit: Alexis Ballier <aballier@gentoo.org>
CommitDate: 2018-03-17 13:43:30 +0000

media-libs/libvorbis: bump to 1.3.6

Bug: https://bugs.gentoo.org/631632
Bug: https://bugs.gentoo.org/650654
Package-Manager: Portage-2.3.24, Repoman-2.3.6

media-libs/libvorbis/Manifest | 1 +
media-libs/libvorbis/libvorbis-1.3.6.ebuild | 40 +++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
GLSA Vote: No