[3.7] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)
CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis_analysis_headerout()
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
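As an added illustration of the defect class described above (an error path that tears down a bit writer which was never initialized when the channel count is invalid), here is the hardened form of that pattern: validate `channels` before acquiring anything, zero the writer up front, and release only what was actually set up. This is example code, not libvorbis source; `writer_t`, `build_header`, the error codes and the packet layout are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for an oggpack-style bit writer: a heap buffer plus a
 * flag recording whether writer_init() has run. Not libvorbis code. */
typedef struct { unsigned char *buf; size_t len; int initialized; } writer_t;

/* Counters let a caller check that the error path frees nothing it never
 * allocated, which is the defect class behind the invalid free above. */
static int allocs = 0, frees = 0;
static int writer_init(writer_t *w) {
    w->buf = malloc(256);
    if (!w->buf) return -1;
    w->len = 0;
    w->initialized = 1;
    allocs++;
    return 0;
}

/* Hardened cleanup: release only state that was actually set up. An
 * unconditional free(w->buf) here is the uninitialized-free pattern. */
static void writer_clear(writer_t *w) {
    if (!w->initialized) return;
    free(w->buf);
    frees++;
    memset(w, 0, sizeof *w);
}

enum { HDR_OK = 0, HDR_EFAULT = -1 };   /* assumed codes, libvorbis-style sign */

/* Hypothetical header writer: validate the channel count before acquiring
 * any resource, and zero the writer so the shared error path is safe. */
int build_header(int channels, int rate, size_t *out_len) {
    writer_t w;
    int ret = HDR_OK;
    memset(&w, 0, sizeof w);           /* known state even if never inited */
    if (channels <= 0 || channels > 255 || rate <= 0) {
        ret = HDR_EFAULT;
        goto err_out;                  /* w zeroed: writer_clear is a no-op */
    }
    if (writer_init(&w) != 0) { ret = HDR_EFAULT; goto err_out; }
    w.buf[w.len++] = 0x01;                        /* constructed type byte */
    w.buf[w.len++] = (unsigned char)channels;
    memcpy(w.buf + w.len, &rate, sizeof rate); w.len += sizeof rate;
    *out_len = w.len;
err_out:
    writer_clear(&w);                  /* frees only if init succeeded */
    return ret;
}
```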
CVE-2017-14633: Out-of-bounds array read in the function mapping0_forward()
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
(from redmine: issue id 8515, created on 2018-02-20, closed on 2018-03-05)
- Relations:
  - parent #8514 (closed)
- Changesets:
  - Revision c42d614e on 2018-02-27T14:27:44Z:
    main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
    Fixes #8515