[3.7] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392) (#9142) · Issues · alpine / aports

[3.7] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)

A flaw was found in libvorbis 1.3.6. The mapping0_forward function in mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) via a crafted file.

References:

https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392

Patch:

https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b

(from redmine: issue id 9142, created on 2018-07-27, closed on 2018-07-30)

Relations:
- copied_to #9139 (closed)
- parent #9139 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information