Debian Libvorbisidec vulnerabilities
12 known vulnerabilities affecting debian/libvorbisidec.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 9
Vulnerabilities
CVE-2018-5147 | HIGH | CVSS 8.8 | fixed in firefox 59.0.1-1 (sid) | 2018
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
Scope: local
sid: resolved (fixed in 59.0.1-1)
debian
CVE-2012-0444 | CRITICAL | CVSS 10.0 | fixed in libvorbis 1.3.2-1.2 (bookworm) | 2012
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Scope: local
bookw
debian
CVE-2009-2663 | MEDIUM | CVSS 9.3 | fixed in libvorbis 1.2.0.dfsg-6 (bookworm) | 2009
CVE-2009-2663 [CRITICAL] CVE-2009-2663: libvorbis - libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other...
libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-6)
bullseye: resolved (fixed in 1.2.0.dfsg-6)
forky: r
debian
CVE-2009-3379 | MEDIUM | CVSS 9.3 | fixed in libvorbis 1.2.3-1 (bookworm) | 2009
CVE-2009-3379 [CRITICAL] CVE-2009-3379: libvorbis - Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3....
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Scope: local
bookworm: resolved (fixed in 1.2.3-1)
bullseye: resolved (fixed in 1.2.3-1)
forky: re
debian
CVE-2008-1423 | CRITICAL | CVSS 9.3 | fixed in libvorbis 1.2.0.dfsg-3.1 (bookworm) | 2008
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-3.1)
bullseye: res
debian
CVE-2008-1419 | MEDIUM | CVSS 4.3 | fixed in libvorbis 1.2.0.dfsg-3.1 (bookworm) | 2008
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-3.1)
bullseye: resolved (fixed in 1.2.0.dfsg-3.1)
forky: resolved (fixed in 1.2.0.dfsg-3.1)
sid: resolve
debian
CVE-2008-1420 | MEDIUM | CVSS 6.8 | fixed in libvorbis 1.2.0.dfsg-3.1 (bookworm) | 2008
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-3.1)
bullseye: resolved (fixed in 1.2.0.dfsg-3.1)
forky: resolved (fixed in 1.2.0.dfsg-3.1)
sid:
debian
CVE-2008-2009 | MEDIUM | CVSS 4.3 | fixed in libvorbis 1.2.0.dfsg-4 (bookworm) | 2008
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-4)
bullseye: resolved (fixed in 1.2.0.dfsg-4)
forky
debian
CVE-2007-4065 | MEDIUM | CVSS 4.3 | fixed in libvorbis 1.2.0.dfsg-1 (bookworm) | 2007
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
Scope: local
bookworm: resolved (fixed in 1.2.0.dfsg-1)
bullseye: resolved (fixed in 1.2.0.dfsg-1)
forky: resolved (fixed in 1.2.0.dfsg-1)
sid: resolved (fixed in 1.2.
debian
CVE-2007-3106 | MEDIUM | CVSS 6.8 | fixed in libvorbis 1.2.0.dfsg-1 (bookworm) | 2007
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles add
debian
CVE-2007-4029 | MEDIUM | CVSS 6.8 | fixed in libvorbis 1.2.0.dfsg-1 (bookworm) | 2007
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
Scope: local
bookworm: resol
debian
CVE-2007-4066 | MEDIUM | CVSS 4.3 | fixed in libvorbis 1.2.0.dfsg-1 (bookworm) | 2007
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.
Scope: local
bookworm: res
debian