CVE-2017-14633 — Out-of-bounds Read in Libvorbis

CWE-125 — Out-of-bounds Read12 documents8 sources

Severity

6.5MEDIUMNVD

OSV9.8

EPSS

0.5%

top 32.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xiph.org Libvorbis Canonical Ubuntu Linux Debian Linux

Timeline

PublishedSep 21

Latest updateMay 13

Description

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianxiph.org/libvorbis< 1.3.5-4.1+3

▶Ubuntuxiph.org/libvorbis< 1.3.2-1.3ubuntu1.1+1

▶NVDxiph.org/libvorbis1.3.5

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-rq4g-xjq5-5h9m: In Xiph↗2022-05-13

▶

OSV

libvorbis vulnerabilities↗2018-02-13

▶

OSV

CVE-2017-14633: In Xiph↗2017-09-21

▶

CVEList

CVE-2017-14633: In Xiph↗2017-09-21

▶

📋Vendor Advisories

Ubuntu

libvorbis vulnerabilities↗2018-02-13

▶

Red Hat

libvorbis: Out-of-bounds array read in the function mapping0_forward()↗2017-09-14

▶

Debian

CVE-2017-14633: libvorbis - In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in...↗2017

▶

💬Community

Bugzilla

CVE-2017-14633 libvorbis: Out-of-bounds array read in the function mapping0_forward()↗2017-10-09

▶

Bugzilla

CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [fedora-all]↗2017-08-11

▶

Bugzilla

CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]↗2017-08-11

▶

Bugzilla

CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [epel-7]↗2017-08-11

▶