VDB-106951 · CVE-2017-14633 · Qualys 170631

Xiph.Org libvorbis 1.3.5 mapping0.c mapping0_forward Audio File out-of-bounds read

A vulnerability has been found in Xiph.Org libvorbis 1.3.5 and classified as critical. Affected by this vulnerability is the function mapping0_forward of the file mapping0.c. Upgrading eliminates this vulnerability. A possible mitigation has been published 7 months after the disclosure of the vulnerability.

Field	09/21/2017 09:49 PM	11/18/2019 03:11 PM	01/13/2021 06:05 PM
vendor	Xiph.Org	Xiph.Org	Xiph.Org
name	libvorbis	libvorbis	libvorbis
version	1.3.5	1.3.5	1.3.5
file	mapping0.c	mapping0.c	mapping0.c
function	mapping0_forward	mapping0_forward	mapping0_forward
input_type	Audio File	Audio File	Audio File
cwe	125 (information disclosure)	125 (information disclosure)	125 (information disclosure)
risk	2	2	2
historic	0	0	0
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	3.7	3.7	3.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.9
cvss3_meta_tempscore	5.1	5.1	5.6
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	5.1	5.1	5.1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
url	https://gitlab.xiph.org/xiph/vorbis/issues/2329	https://gitlab.xiph.org/xiph/vorbis/issues/2329	https://gitlab.xiph.org/xiph/vorbis/issues/2329
price_0day	$0-$5k	$0-$5k	$0-$5k
cve	CVE-2017-14633	CVE-2017-14633	CVE-2017-14633
cve_assigned	1505952000	1505952000	1505952000
cve_nvd_published	1505952000	1505952000	1505952000
cve_nvd_summary	In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().	In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().	In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
nessus_risk	High	High	High
nessus_type	local	local	local
nessus_date	1521417600 (03/19/2018)	1521417600 (03/19/2018)	1521417600 (03/19/2018)
qualys_id	170631	170631	170631
qualys_title	SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1)	SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1)	SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1)
seealso	106950	106950	106950
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
reaction_days	176	176	176
exposure_days	176	176	176
discoverydate		1505952000	1505952000
cvss2_nvd_av		N	N
cvss2_nvd_ac		M	M
cvss2_nvd_au		N	N
cvss2_nvd_ci		N	N
cvss2_nvd_ii		N	N
cvss2_nvd_ai		P	P
name		Upgrade	Upgrade
date		1521158400 (03/16/2018)	1521158400 (03/16/2018)
oval_id		oval:org.cisecurity:def:4114	oval:org.cisecurity:def:4114
nessus_id		108429	108429
nessus_name		FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8)	FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8)
nessus_filename		freebsd_pkg_64ee858ee0354bb49c772468963dddb8.nasl	freebsd_pkg_64ee858ee0354bb49c772468963dddb8.nasl
nessus_family		FreeBSD Local Security Checks	FreeBSD Local Security Checks
openvas_id		867564	867564
openvas_filename		deb_4113.nasl	deb_4113.nasl
openvas_title		Debian Security Advisory DSA 4113-1 (libvorbis - security update)	Debian Security Advisory DSA 4113-1 (libvorbis - security update)
openvas_family		Debian Local Security Checks	Debian Local Security Checks
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_basescore			4.3
cvss3_nvd_basescore			6.5

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!