CVE-2018-10392
Published: 2018-04-26
CVE-2018-10392: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service…
Severity: HIGH 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libvorbis | < libvorbis 1.3.6-2 (bookworm) | libvorbis 1.3.6-2 (bookworm) |
| msrc | cbl2_libvorbis_1.3.7-1_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| xiph.org | libvorbis | — | — |
| xiph.org | libvorbis | >= 0 < 1.3.6-2 | 1.3.6-2 |
| xiph.org | libvorbis | >= 0 < 1.3.6-2 | 1.3.6-2 |
| xiph.org | libvorbis | >= 0 < 1.3.6-2 | 1.3.6-2 |
| xiph.org | libvorbis | >= 0 < 1.3.6-2 | 1.3.6-2 |
| xiph.org | libvorbis | >= 0 < 1.3.5-3ubuntu0.2+esm1 | 1.3.5-3ubuntu0.2+esm1 |
CVSS provenance
nvd (v3.1): 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv: 8.8 HIGH
Ubuntu
Vorbis vulnerabilities
vendor_ubuntu·2022-05-12·CVSS 8.8
CVE-2018-10392 [HIGH] Vorbis vulnerabilities
Title: Vorbis vulnerabilities
Summary: Several security issues were fixed in Vorbis.
It was discovered that Vorbis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2017-14160, CVE-2018-10392, CVE-2018-10393)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libvorbis: heap buffer overflow in mapping0_forward function
vendor_redhat·2018-04-25·CVSS 8.8
CVE-2018-10392 [HIGH] CWE-122 libvorbis: heap buffer overflow in mapping0_forward function
libvorbis: heap buffer overflow in mapping0_forward function
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
A heap-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library.
Package: libvorbis (Red Hat Enterprise Linux 5) - Will not fix
Package: libvorbis (Red Hat Enterprise Linux 6) - Fix deferred
Package: libvorbis (Red Hat Enterprise Linux 7) - Fix deferred
Microsoft
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read)
vendor_msrc·2018-04-10·CVSS 8.8
CVE-2018-10392 [HIGH] CWE-125 mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read)
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If i
Debian
CVE-2018-10392: libvorbis - mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the...
vendor_debian·2018·CVSS 8.8
CVE-2018-10392 [HIGH] CVE-2018-10392: libvorbis - mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the...
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.6-2)
bullseye: resolved (fixed in 1.3.6-2)
forky: resolved (fixed in 1.3.6-2)
sid: resolved (fixed in 1.3.6-2)
trixie: resolved (fixed in 1.3.6-2)
GHSA
GHSA-gqh4-wfj8-7856: mapping0_forward in mapping0
ghsa_unreviewed·2022-05-13
CVE-2018-10392 [HIGH] CWE-125 GHSA-gqh4-wfj8-7856: mapping0_forward in mapping0
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
OSV
libvorbis vulnerabilities
osv·2022-05-12·CVSS 8.8
CVE-2017-14160 [HIGH] libvorbis vulnerabilities
libvorbis vulnerabilities
It was discovered that Vorbis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2017-14160, CVE-2018-10392, CVE-2018-10393)
OSV
CVE-2018-10392: mapping0_forward in mapping0
osv·2018-04-26·CVSS 8.8
CVE-2018-10392 [HIGH] CVE-2018-10392: mapping0_forward in mapping0
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [epel-7]
bugzilla·2018-05-02·CVSS 8.8
CVE-2018-10392 [HIGH] CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [epel-7]
CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template for the 'fedpkg updat
Bugzilla
CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [fedora-all]
bugzilla·2018-05-02·CVSS 8.8
CVE-2018-10392 [HIGH] CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [fedora-all]
CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of
Bugzilla
CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all]
bugzilla·2018-05-02·CVSS 8.8
CVE-2018-10392 [HIGH] CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all]
CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora
Bugzilla
CVE-2018-10392 libvorbis: heap buffer overflow in mapping0_forward function
bugzilla·2018-05-02·CVSS 8.8
CVE-2018-10392 [HIGH] CVE-2018-10392 libvorbis: heap buffer overflow in mapping0_forward function
CVE-2018-10392 libvorbis: heap buffer overflow in mapping0_forward function
A flaw was found in libvorbis 1.3.6. The mapping0_forward function in mapping0.c file in Xiph.Org does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) via a crafted file.
References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
Discussion:
Created libvorbis tracking bugs for this issue:
Affects: fedora-all [bug 1574199]
Created mingw-libvorbis tracking bugs for this issue:
Affects: epel-7 [bug 1574198]
Affects: fedora-all [bug 1574200]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:3703 https://access.redhat.com/errata/RHSA-2019:3703
---
This bug is now c
References:
https://access.redhat.com/errata/RHSA-2019:3703
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html
https://security.gentoo.org/glsa/202003-36
Published: 2018-04-26