Xiph.Org Libvorbis vulnerabilities

CVE-2020-20412 [MEDIUM] CVE-2020-20412: lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insuff lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.

CVE-2018-5146 [HIGH] CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-10393 [HIGH] CWE-125 CVE-2018-10393: bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

CVE-2018-10392 [HIGH] CWE-125 CVE-2018-10392: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

CVE-2017-14632 [CRITICAL] CWE-119 CVE-2017-14632: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the funct Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14160 [HIGH] CWE-119 CVE-2017-14160: The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cau The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

CVE-2017-14633 [MEDIUM] CWE-125 CVE-2017-14633: In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mappin In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

CVE-2017-11333 [MEDIUM] CWE-476 CVE-2017-11333: The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attacker The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

CVE-2012-0444 [CRITICAL] CVE-2012-0444: Mozilla Firefox before 3 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

CVE-2009-3379 [CRITICAL] CVE-2009-3379: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.

CVE-2009-2663 [CRITICAL] CVE-2009-2663: libvorbis before r16182, as used in Mozilla Firefox 3 libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.

CVE-2008-1423 [CRITICAL] CWE-189 CVE-2008-1423: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and ea Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

CVE-2008-1419 [MEDIUM] CWE-20 CVE-2008-1419: Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which a Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

CVE-2008-1420 [MEDIUM] CWE-189 CVE-2008-1420: Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 an Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

CVE-2008-2009 [MEDIUM] CVE-2008-2009: Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

CVE-2007-4066 [MEDIUM] CWE-119 CVE-2007-4066: Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to ca Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

CVE-2007-4065 [MEDIUM] CVE-2007-4065: lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attack lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

CVE-2007-3106 [MEDIUM] CVE-2007-3106: lib/info lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.

CVE-2007-4029 [MEDIUM] CVE-2007-4029: libvorbis 1 libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.