CVE-2018-10393: Out-of-bounds Read in Libvorbis

Severity
NVD: 7.5 HIGH
OSV: 8.8
EPSS: 0.4% (top 40.52%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 26
Latest update: May 13

Description

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Debian: xiph.org/libvorbis < 1.3.6-2+3
Ubuntu: xiph.org/libvorbis < 1.3.5-3ubuntu0.2+esm1

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 8.0, 8.1, 8.2, 8.4

🔴 Vulnerability Details (4)

GHSA (2022-05-13): GHSA-w834-9cg6-cm69: bark_noise_hybridmp in psy
OSV (2022-05-12): libvorbis vulnerabilities
CVEList (2018-04-26): CVE-2018-10393: bark_noise_hybridmp in psy
OSV (2018-04-26): CVE-2018-10393: bark_noise_hybridmp in psy

📋 Vendor Advisories (4)

Ubuntu (2022-05-12): Vorbis vulnerabilities
Red Hat (2018-04-25): libvorbis: stack buffer overflow in bark_noise_hybridmp function
Microsoft (2018-04-10): bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
Debian (2018): CVE-2018-10393: libvorbis - bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffe...

💬 Community (4)

Bugzilla (2018-05-02): CVE-2018-10393 libvorbis: stack buffer overflow in bark_noise_hybridmp function
Bugzilla (2018-05-02): CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [epel-7]
Bugzilla (2018-05-02): CVE-2018-10392 CVE-2018-10393 mingw-libvorbis: various flaws [fedora-all]
Bugzilla (2018-05-02): CVE-2018-10392 CVE-2018-10393 libvorbis: various flaws [fedora-all]
CVE-2018-10393 — Out-of-bounds Read in Libvorbis | cvebase