VDB-106951 · CVE-2017-14633 · Qualys 170631

Xiph.Org libvorbis 1.3.5 mapping0.c mapping0_forward Audio File out-of-bounds read

A vulnerability has been found in Xiph.Org libvorbis 1.3.5 and classified as critical. Affected by this vulnerability is the function mapping0_forward of the file mapping0.c. Upgrading eliminates this vulnerability. A possible mitigation has been published 7 months after the disclosure of the vulnerability.

| Field | 09/21/2017 09:49 PM | 11/18/2019 03:11 PM | 01/13/2021 06:05 PM |
| --- | --- | --- | --- |
| vendor | Xiph.Org | Xiph.Org | Xiph.Org |
| name | libvorbis | libvorbis | libvorbis |
| version | 1.3.5 | 1.3.5 | 1.3.5 |
| file | mapping0.c | mapping0.c | mapping0.c |
| function | mapping0_forward | mapping0_forward | mapping0_forward |
| input_type | Audio File | Audio File | Audio File |
| cwe | 125 (information disclosure) | 125 (information disclosure) | 125 (information disclosure) |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.9 |
| cvss3_meta_tempscore | 5.1 | 5.1 | 5.6 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| url | https://gitlab.xiph.org/xiph/vorbis/issues/2329 | https://gitlab.xiph.org/xiph/vorbis/issues/2329 | https://gitlab.xiph.org/xiph/vorbis/issues/2329 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2017-14633 | CVE-2017-14633 | CVE-2017-14633 |
| cve_assigned | 1505952000 | 1505952000 | 1505952000 |
| cve_nvd_published | 1505952000 | 1505952000 | 1505952000 |
| cve_nvd_summary | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). |
| nessus_risk | High | High | High |
| nessus_type | local | local | local |
| nessus_date | 1521417600 (03/19/2018) | 1521417600 (03/19/2018) | 1521417600 (03/19/2018) |
| qualys_id | 170631 | 170631 | 170631 |
| qualys_title | SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1) | SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1) | SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1) |
| seealso | 106950 | 106950 | 106950 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| reaction_days | 176 | 176 | 176 |
| exposure_days | 176 | 176 | 176 |
| discoverydate | | 1505952000 | 1505952000 |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | M | M |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | N | N |
| cvss2_nvd_ii | | N | N |
| cvss2_nvd_ai | | P | P |
| name | | Upgrade | Upgrade |
| date | | 1521158400 (03/16/2018) | 1521158400 (03/16/2018) |
| oval_id | | oval:org.cisecurity:def:4114 | oval:org.cisecurity:def:4114 |
| nessus_id | | 108429 | 108429 |
| nessus_name | | FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8) | FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8) |
| nessus_filename | | freebsd_pkg_64ee858ee0354bb49c772468963dddb8.nasl | freebsd_pkg_64ee858ee0354bb49c772468963dddb8.nasl |
| nessus_family | | FreeBSD Local Security Checks | FreeBSD Local Security Checks |
| openvas_id | | 867564 | 867564 |
| openvas_filename | | deb_4113.nasl | deb_4113.nasl |
| openvas_title | | Debian Security Advisory DSA 4113-1 (libvorbis - security update) | Debian Security Advisory DSA 4113-1 (libvorbis - security update) |
| openvas_family | | Debian Local Security Checks | Debian Local Security Checks |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | N |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | H |
| cvss2_nvd_basescore | | | 4.3 |
| cvss3_nvd_basescore | | | 6.5 |
