[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
A flaw was found in libvorbis 1.3.6. The mapping0_forward function in
the mapping0.c file of Xiph.Org libvorbis does not validate the number
of channels, which allows remote attackers to cause a denial of service
(heap-based buffer overflow or over-read) via a crafted file.
References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
(from redmine: issue id 9140, created on 2018-07-27, closed on 2018-07-30)
- Relations:
- copied_to #9139 (closed)
- parent #9139 (closed)