CVE-2018-5146

Опубликовано: 11 июн. 2018

Источник: debian

EPSS Средний

Описание

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Пакеты

Пакет	Статус	Версия исправления	Тип
firefox	fixed	59.0.1-1	package
firefox-esr	fixed	52.7.2esr-1	package
thunderbird	fixed	1:52.7.0-1	package
libvorbis	fixed	1.3.5-4.2	package

Примечания

https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f (v1.3.6)
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/

EPSS

Процентиль: 96%

0.26243

Средний

Связанные уязвимости

CVE-2018-5146

CVSS3: 8.8

ubuntu

около 7 лет назад

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-5146

CVSS3: 8.8

redhat

больше 7 лет назад

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-5146

CVSS3: 8.8

nvd

около 7 лет назад

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

openSUSE-SU-2018:0805-1

suse-cvrf

больше 7 лет назад

Security update for libvorbis

openSUSE-SU-2018:0737-1

suse-cvrf

больше 7 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 96%

0.26243

Средний