~/cve/CVE-2018-10393

pipeline liveDigest Docs

CVE-2018-10393

published 2018-04-26

CVE-2018-10393: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	libvorbis	< libvorbis 1.3.6-2 (bookworm)	libvorbis 1.3.6-2 (bookworm)
msrc	cbl2_libvorbis_1.3.7-1_on_cbl_mariner_2.0	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
xiph.org	libvorbis	—	—
xiph.org	libvorbis	>= 0 < 1.3.6-2	1.3.6-2
xiph.org	libvorbis	>= 0 < 1.3.6-2	1.3.6-2
xiph.org	libvorbis	>= 0 < 1.3.6-2	1.3.6-2
xiph.org	libvorbis	>= 0 < 1.3.6-2	1.3.6-2
xiph.org	libvorbis	>= 0 < 1.3.5-3ubuntu0.2+esm1	1.3.5-3ubuntu0.2+esm1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv8.8HIGH