CVE-2017-11333
Published 2017-07-31
CVE-2017-11333: The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
Priority: P425 · medium · 5.5 (CVSS 3.0)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 4.84% (90.9th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvorbis | < libvorbis 1.3.5-4.1 (bookworm) | libvorbis 1.3.5-4.1 (bookworm) |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | >= 0 < 1.3.5-4.1 | 1.3.5-4.1 |
| xiph.org | libvorbis | >= 0 < 1.3.5-4.1 | 1.3.5-4.1 |
| xiph.org | libvorbis | >= 0 < 1.3.5-4.1 | 1.3.5-4.1 |
| xiph.org | libvorbis | >= 0 < 1.3.5-4.1 | 1.3.5-4.1 |
CVSS provenance
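| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | LOW | |
| vendor_redhat | | 5.5 | MEDIUM | |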
GHSA
GHSA-f5gh-mx7q-w5hf: The vorbis_analysis_wrote function in lib/block
ghsa_unreviewed·2022-05-13
CVE-2017-11333 [MEDIUM] CWE-476 GHSA-f5gh-mx7q-w5hf: The vorbis_analysis_wrote function in lib/block
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
OSV
CVE-2017-11333: The vorbis_analysis_wrote function in lib/block
osv·2017-07-31·CVSS 5.5
CVE-2017-11333 [MEDIUM] CVE-2017-11333: The vorbis_analysis_wrote function in lib/block
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
Red Hat
libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c
vendor_redhat·2017-07-30·CVSS 5.5
CVE-2017-11333 [MEDIUM] CWE-400 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
Package: libvorbis (Red Hat Enterprise Linux 5) - Will not fix
Package: libvorbis (Red Hat Enterprise Linux 6) - Will not fix
Package: libvorbis (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2017-11333: libvorbis - The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 al...
vendor_debian·2017·CVSS 5.5
CVE-2017-11333 [MEDIUM] CVE-2017-11333: libvorbis - The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 al...
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
Scope: local
bookworm: resolved (fixed in 1.3.5-4.1)
bullseye: resolved (fixed in 1.3.5-4.1)
forky: resolved (fixed in 1.3.5-4.1)
sid: resolved (fixed in 1.3.5-4.1)
trixie: resolved (fixed in 1.3.5-4.1)
No detection rules found.
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [fedora-all]
bugzilla·2017-08-11·CVSS 5.5
CVE-2017-11333 [MEDIUM] CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]
bugzilla·2017-08-11·CVSS 5.5
CVE-2017-11333 [MEDIUM] CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c
bugzilla·2017-08-11·CVSS 5.5
CVE-2017-11333 [MEDIUM] CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c
A flaw was found in libvorbis 1.3.5. The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 can cause a denial of service (OOM) via a crafted wav file.
References:
http://seclists.org/fulldisclosure/2017/Jul/82
Discussion:
Created libvorbis tracking bugs for this issue:
Affects: fedora-all [bug 1480650]
Created mingw-libvorbis tracking bugs for this issue:
Affects: epel-7 [bug 1480649]
Affects: fedora-all [bug 1480648]
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [epel-7]
bugzilla·2017-08-11·CVSS 5.5
CVE-2017-11333 [MEDIUM] CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use th
http://seclists.org/fulldisclosure/2017/Jul/82
https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html
https://www.exploit-db.com/exploits/42399/
Published: 2017-07-31