[3.9] libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393)
A flaw was found in Xiph.Org libvorbis 1.3.6. The bark_noise_hybridmp
function in the psy.c file has a stack-based buffer over-read, which
allows remote attackers to cause a denial of service via a crafted
file.
References:
https://gitlab.xiph.org/xiph/vorbis/issues/2334
https://nvd.nist.gov/vuln/detail/CVE-2018-10393
(from redmine: issue id 9527, created on 2018-10-08, closed on 2019-05-04)
- Relations:
- copied_to #9526
- parent #9526
- Changesets:
- Revision 8b809c16 by Natanael Copa on 2019-01-23T19:05:04Z:
main/libvorbis: add secfix comment for CVE-2018-10393
CVE-2018-10393 seems to be a duplicate of CVE-2017-14160
https://gitlab.xiph.org/xiph/vorbis/issues/2334#note_46722
fixes #9527