VDB-106951 · CVE-2017-14633 · Qualys 170631

Xiph.Org libvorbis 1.3.5 mapping0.c mapping0_forward Audio File Information Disclosure


A vulnerability was found in Xiph.Org libvorbis 1.3.5. It has been classified as critical. It affects the function mapping0_forward in the file mapping0.c. Upgrading resolves this problem. A countermeasure was released 7 months after the vulnerability was disclosed. Xiph.Org thus reacted negligently slowly and far too late.

| Field | 21.09.2017 21:49 | 18.11.2019 15:11 | 13.01.2021 18:05 |
|---|---|---|---|
| vendor | Xiph.Org | Xiph.Org | Xiph.Org |
| name | libvorbis | libvorbis | libvorbis |
| version | 1.3.5 | 1.3.5 | 1.3.5 |
| file | mapping0.c | mapping0.c | mapping0.c |
| function | mapping0_forward | mapping0_forward | mapping0_forward |
| input_type | Audio File | Audio File | Audio File |
| cwe | 125 (Information Disclosure) | 125 (Information Disclosure) | 125 (Information Disclosure) |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.9 |
| cvss3_meta_tempscore | 5.1 | 5.1 | 5.6 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| date | 1505952000 (21.09.2017) | 1505952000 (21.09.2017) | 1505952000 (21.09.2017) |
| url | https://gitlab.xiph.org/xiph/vorbis/issues/2329 | https://gitlab.xiph.org/xiph/vorbis/issues/2329 | https://gitlab.xiph.org/xiph/vorbis/issues/2329 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2017-14633 | CVE-2017-14633 | CVE-2017-14633 |
| cve_assigned | 1505952000 | 1505952000 | 1505952000 |
| cve_nvd_published | 1505952000 | 1505952000 | 1505952000 |
| cve_nvd_summary | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). |
| nessus_risk | High | High | High |
| nessus_type | local | local | local |
| nessus_date | 1521417600 (19.03.2018) | 1521417600 (19.03.2018) | 1521417600 (19.03.2018) |
| qualys_id | 170631 | 170631 | 170631 |
| qualys_title | SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1) | SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1) | SUSE Enterprise Linux Security Update for libvorbis (SUSE-SU-2018:0015-1) |
| seealso | 106950 | 106950 | 106950 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| reaction_days | 176 | 176 | 176 |
| exposure_days | 176 | 176 | 176 |
| discoverydate | | 1505952000 | 1505952000 |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | M | M |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | N | N |
| cvss2_nvd_ii | | N | N |
| cvss2_nvd_ai | | P | P |
| name | | Upgrade | Upgrade |
| date | | 1521158400 (16.03.2018) | 1521158400 (16.03.2018) |
| oval_id | | oval:org.cisecurity:def:4114 | oval:org.cisecurity:def:4114 |
| nessus_id | | 108429 | 108429 |
| nessus_name | | FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8) | FreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8) |
| nessus_filename | | freebsd_pkg_64ee858ee0354bb49c772468963dddb8.nasl | freebsd_pkg_64ee858ee0354bb49c772468963dddb8.nasl |
| nessus_family | | FreeBSD Local Security Checks | FreeBSD Local Security Checks |
| openvas_id | | 867564 | 867564 |
| openvas_filename | | deb_4113.nasl | deb_4113.nasl |
| openvas_title | | Debian Security Advisory DSA 4113-1 (libvorbis - security update) | Debian Security Advisory DSA 4113-1 (libvorbis - security update) |
| openvas_family | | Debian Local Security Checks | Debian Local Security Checks |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | N |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | H |
| cvss2_nvd_basescore | | | 4.3 |
| cvss3_nvd_basescore | | | 6.5 |
