[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] libvorbis/libtremor OOB write
From:       Daniel Veditz <dveditz () mozilla ! com>
Date:       2018-03-16 17:34:46
Message-ID: c67f0613-d673-96a3-ba51-01610913d706 () mozilla ! com
[Download RAW message or body]

libvorbis and libtremor can write out of bounds when processing
malformed Vorbis audio data.

libvorbis 1.3.6 fixes CVE-2018-5146
https://github.com/xiph/vorbis/releases/tag/v1.3.6

libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in
the git repo at https://git.xiph.org/?p=tremor.git

-Dan Veditz
[prev in list] [next in list] [prev in thread] [next in thread]