CVE-2017-14632 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libvorbis
Severity
9.8 CRITICAL (NVD)
EPSS
6.5%
top 8.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 21
Latest update: May 13
Description
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Debian Linux 7.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10
Vulnerability Details: 4
Vendor Advisories: 3
Community: 4
Bugzilla: CVE-2017-14632 libvorbis: Invalid freeing of uninitialized memory in the function vorbis_analysis_headerout() (2017-10-09)
Bugzilla: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [fedora-all] (2017-08-11)
Bugzilla: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all] (2017-08-11)
Bugzilla: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [epel-7] (2017-08-11)