Описание
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
A heap-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libvorbis | Will not fix | ||
| Red Hat Enterprise Linux 6 | libvorbis | Fix deferred | ||
| Red Hat Enterprise Linux 7 | libvorbis | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libvorbis | Fixed | RHSA-2019:3703 | 05.11.2019 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...
3.3 Low
CVSS3