CVE-2017-14160Improper Restriction of Operations within the Bounds of a Memory Buffer in Libvorbis

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read12 documents8 sources
Severity
8.8HIGHNVD
EPSS
1.6%
top 18.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Xiph.org LibvorbisDebian Linux
Timeline
PublishedSep 21
Latest updateMay 13

Description

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Debianxiph.org/libvorbis< 1.3.6-2+3
Ubuntuxiph.org/libvorbis< 1.3.5-3ubuntu0.2+esm1

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

4
GHSA
GHSA-g94q-v9xg-xv9r: The bark_noise_hybridmp function in psy2022-05-13
OSV
libvorbis vulnerabilities2022-05-12
CVEList
CVE-2017-14160: The bark_noise_hybridmp function in psy2017-09-21
OSV
CVE-2017-14160: The bark_noise_hybridmp function in psy2017-09-21

📋Vendor Advisories

3
Ubuntu
Vorbis vulnerabilities2022-05-12
Red Hat
libvorbis: Out-of-bounds read in the bark_noise_hybridmp function2017-09-21
Debian
CVE-2017-14160: libvorbis - The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows rem...2017

💬Community

4
Bugzilla
CVE-2017-14160 libvorbis: Out-of-bounds read in the bark_noise_hybridmp function2017-10-09
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [fedora-all]2017-08-11
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]2017-08-11
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [epel-7]2017-08-11
CVE-2017-14160 — Xiph.org Libvorbis vulnerability | cvebase