[3.7] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
A flaw was found in libvorbis 1.3.6. The mapping0_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) via a crafted file.
(from redmine: issue id 9142, created on 2018-07-27, closed on 2018-07-30)