[3.6] libvorbis: out-of-bounds access and application crash (CVE-2017-14160)
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5
allows remote attackers to cause a denial of service
(out-of-bounds access and application crash) or possibly have
unspecified other impact via a crafted mp4 file.
References:
http://openwall.com/lists/oss-security/2017/09/21/2
https://nvd.nist.gov/vuln/detail/CVE-2017-14160
(from redmine: issue id 7938, created on 2017-09-28, closed on 2017-11-23)
- Relations:
  - parent #7936 (closed)
- Changesets:
  - Revision 71370102 by Natanael Copa on 2017-11-23T09:43:11Z:
    main/libvorbis: fix for CVE-2017-14160
    upstream issue: https://gitlab.xiph.org/xiph/vorbis/issues/2330
    fixes #7938