Information on source package libvorbis

Available versions

ReleaseVersion
jessie (security)1.3.4-2+deb8u1
stretch (security)1.3.5-4+deb9u2
buster1.3.6-2
sid1.3.6-2

Open issues

BugjessiestretchbustersidDescription
CVE-2018-10393vulnerable (no DSA)vulnerable (no DSA)fixedfixedbark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...
CVE-2018-10392vulnerable (no DSA)vulnerable (no DSA)fixedfixedmapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...
CVE-2017-14633vulnerable (no DSA, postponed)fixedfixedfixedIn Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...
CVE-2017-14160vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...
CVE-2017-11333vulnerable (no DSA, postponed)fixedfixedfixedThe vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...

Resolved issues

BugDescription
CVE-2018-5146An out of bounds memory write while processing Vorbis audio data was r ...
CVE-2017-14632Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uni ...
CVE-2012-0444Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...
CVE-2009-3379Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...
CVE-2009-2663libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...
CVE-2008-2009Xiph.org libvorbis before 1.0 does not properly check for underpopulat ...
CVE-2008-1423Integer overflow in a certain quantvals and quantlist calculation in X ...
CVE-2008-1420Integer overflow in residue partition value (aka partvals) evaluation ...
CVE-2008-1419Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero v ...
CVE-2007-4066Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow con ...
CVE-2007-4065lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 a ...
CVE-2007-4029libvorbis 1.1.2, and possibly other versions before 1.2.0, allows cont ...
CVE-2007-3106lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2. ...

Security announcements

DSA / DLADescription
DLA-1368-1libvorbis - security update
DSA-4140-1libvorbis - security update
DSA-4140-1libvorbis - security update
DSA-4113-1libvorbis - security update
DSA-2412-1libvorbis - buffer overflow
DSA-1939-1libvorbis - several vulnerabilities
DSA-1939-1libvorbis - several vulnerabilities
DSA-1591-1libvorbis - several vulnerabilities
DSA-1471-1libvorbis - several vulnerabilities
DSA-1471-1libvorbis - several vulnerabilities

Search for package or bug name: Reporting problems