CVE-2018-5146

Опубликовано: 11 июн. 2018

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 6.8

CVSS3: 8.8

Описание

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Релиз	Статус	Примечание
artful	released	59.0.1+build1-0ubuntu0.17.10.1
bionic	not-affected
devel	not-affected
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [59.0.1+build1-0ubuntu0.14.04.1]]
precise/esm	DNE
trusty	released	59.0.1+build1-0ubuntu0.14.04.1
trusty/esm	DNE	trusty was released [59.0.1+build1-0ubuntu0.14.04.1]
upstream	released	59.0.1
xenial	released	59.0.1+build1-0ubuntu0.16.04.1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	52.7.2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	released	1.3.5-4ubuntu0.2
bionic	not-affected	1.3.5-4.2
devel	not-affected	1.3.5-4.2
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [1.3.2-1.3ubuntu1.2]]
esm-infra/bionic	not-affected	1.3.5-4.2
esm-infra/xenial	not-affected	1.3.5-3ubuntu0.2
precise/esm	DNE
trusty	released	1.3.2-1.3ubuntu1.2
trusty/esm	DNE	trusty was released [1.3.2-1.3ubuntu1.2]
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
artful	released	1:52.7.0+build1-0ubuntu0.17.10.1
bionic	released	1:52.7.0+build1-0ubuntu1
devel	released	1:52.7.0+build1-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [1:52.7.0+build1-0ubuntu0.14.04.1]]
precise/esm	DNE
trusty	released	1:52.7.0+build1-0ubuntu0.14.04.1
trusty/esm	DNE	trusty was released [1:52.7.0+build1-0ubuntu0.14.04.1]
upstream	released	52.7.0
xenial	released	1:52.7.0+build1-0ubuntu0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%

0.26243

Средний

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2018-5146

CVSS3: 8.8

redhat

больше 7 лет назад

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-5146

CVSS3: 8.8

nvd

около 7 лет назад

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2018-5146

CVSS3: 8.8

debian

около 7 лет назад

An out of bounds memory write while processing Vorbis audio data was r ...

openSUSE-SU-2018:0805-1

suse-cvrf

больше 7 лет назад

Security update for libvorbis

openSUSE-SU-2018:0737-1

suse-cvrf

больше 7 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 96%

0.26243

Средний

6.8 Medium

CVSS2

8.8 High

CVSS3

CVE-2018-5146

Описание

Пакет firefox

Пакет firefox-esr

Пакет libvorbis

Пакет thunderbird

Ссылки на источники

Связанные уязвимости