CVE-2018-10392 — Out-of-bounds Read in Libvorbis
Severity
8.8HIGHNVD
EPSS
1.4%
top 19.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 26
Latest updateMay 13
Description
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 8.0, 8.1, 8.2, 8.4
🔴Vulnerability Details
4📋Vendor Advisories
4Microsoft▶
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read)↗2018-04-10
Debian▶
CVE-2018-10392: libvorbis - mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the...↗2018