[3.8] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
A flaw was found in libvorbis 1.3.6. The mapping0_forward function in the
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
(from redmine: issue id 9141, created on 2018-07-27, closed on 2018-07-30)
- Relations:
  - copied_to #9139 (closed)
  - parent #9139 (closed)
- Changesets:
  - Revision 5983135b by Natanael Copa on 2018-07-30T08:05:56Z:
    main/libvorbis: security fix for CVE-2018-10392
    fixes #9141
  - Revision 1d4e07ef by Natanael Copa on 2018-07-30T08:22:14Z:
    main/libvorbis: security fix for CVE-2018-10392
    fixes #9141