Information on source package libvorbis

Available versions

ReleaseVersion
jessie (security)1.3.4-2+deb8u1
stretch (security)1.3.5-4+deb9u2
buster1.3.6-1
sid1.3.6-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-10393vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablebark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a ...
CVE-2018-10392vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablemapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not ...
CVE-2017-14633vulnerable (no DSA, postponed)fixedfixedfixedIn Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...
CVE-2017-14160vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...
CVE-2017-11333vulnerable (no DSA, postponed)fixedfixedfixedThe vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...

Resolved issues

BugDescription
CVE-2018-5146An out of bounds memory write while processing Vorbis audio data was ...
CVE-2017-14632Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...
CVE-2012-0444Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...
CVE-2009-3379Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...
CVE-2009-2663libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...
CVE-2008-2009Xiph.org libvorbis before 1.0 does not properly check for ...
CVE-2008-1423Integer overflow in a certain quantvals and quantlist calculation in ...
CVE-2008-1420Integer overflow in residue partition value (aka partvals) evaluation ...
CVE-2008-1419Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...
CVE-2007-4066Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...
CVE-2007-4065lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...
CVE-2007-4029libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...
CVE-2007-3106lib/info.c in libvorbis 1.1.2, and possibly other versions before ...

Security announcements

DSA / DLADescription
DLA-1368-1libvorbis - security update
DSA-4140-1libvorbis - security update
DSA-4140-1libvorbis - security update
DSA-4113-1libvorbis - security update
DSA-2412-1libvorbis - buffer overflow
DSA-1939-1libvorbis - several vulnerabilities
DSA-1939-1libvorbis - several vulnerabilities
DSA-1591-1libvorbis - several vulnerabilities
DSA-1471-1libvorbis - several vulnerabilities
DSA-1471-1libvorbis - several vulnerabilities

Search for package or bug name: Reporting problems