[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] libvorbis/libtremor OOB write
From: Daniel Veditz <dveditz () mozilla ! com>
Date: 2018-03-16 17:34:46
Message-ID: c67f0613-d673-96a3-ba51-01610913d706 () mozilla ! com
[Download RAW message or body]
libvorbis and libtremor can write out of bounds when processing
malformed Vorbis audio data.
libvorbis 1.3.6 fixes CVE-2018-5146
https://github.com/xiph/vorbis/releases/tag/v1.3.6
libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in
the git repo at https://git.xiph.org/?p=tremor.git
-Dan Veditz
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic