Lucene search

DebianDEBIAN:DLA-2039-1:9E522

HistoryDec 17, 2019 - 6:27 p.m.

[SECURITY] [DLA 2039-1] libvorbis security update

2019-12-1718:27:05

lists.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

Package : libvorbis
Version : 1.3.4-2+deb8u3
CVE ID : CVE-2017-11333 CVE-2017-14633

Two issues have been found in libvorbis, a decoder library for Vorbis
General Audio Compression Codec.

2017-14633

 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
 vulnerability exists in the function mapping0_forward() in
 mapping0.c, which may lead to DoS when operating on a crafted
 audio file with vorbis_analysis().

2017-11333

 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
 libvorbis 1.3.5 allows remote attackers to cause a denial of
 service (OOM) via a crafted wav file.

For Debian 8 "Jessie", these problems have been fixed in version
1.3.4-2+deb8u3.

We recommend that you upgrade your libvorbis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9amd64libvorbis0a< 1.3.5-4+deb9u1libvorbis0a_1.3.5-4+deb9u1_amd64.deb
Debian7i386libvorbisfile3< 1.3.2-1.3+deb7u1libvorbisfile3_1.3.2-1.3+deb7u1_i386.deb
Debian7amd64libvorbisenc2< 1.3.2-1.3+deb7u1libvorbisenc2_1.3.2-1.3+deb7u1_amd64.deb
Debian9i386libvorbisenc2< 1.3.5-4+deb9u1libvorbisenc2_1.3.5-4+deb9u1_i386.deb
Debian8armellibvorbis-dbg< 1.3.4-2+deb8u3libvorbis-dbg_1.3.4-2+deb8u3_armel.deb
Debian9amd64libvorbisenc2< 1.3.5-4+deb9u1libvorbisenc2_1.3.5-4+deb9u1_amd64.deb
Debian9i386libvorbis-dbg< 1.3.5-4+deb9u1libvorbis-dbg_1.3.5-4+deb9u1_i386.deb
Debian9arm64libvorbis0a< 1.3.5-4+deb9u1libvorbis0a_1.3.5-4+deb9u1_arm64.deb
Debian8amd64libvorbisfile3< 1.3.4-2+deb8u3libvorbisfile3_1.3.4-2+deb8u3_amd64.deb
Debian9ppc64ellibvorbis-dev< 1.3.5-4+deb9u1libvorbis-dev_1.3.5-4+deb9u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	amd64	libvorbis0a	< 1.3.5-4+deb9u1	libvorbis0a_1.3.5-4+deb9u1_amd64.deb
Debian	7	i386	libvorbisfile3	< 1.3.2-1.3+deb7u1	libvorbisfile3_1.3.2-1.3+deb7u1_i386.deb
Debian	7	amd64	libvorbisenc2	< 1.3.2-1.3+deb7u1	libvorbisenc2_1.3.2-1.3+deb7u1_amd64.deb
Debian	9	i386	libvorbisenc2	< 1.3.5-4+deb9u1	libvorbisenc2_1.3.5-4+deb9u1_i386.deb
Debian	8	armel	libvorbis-dbg	< 1.3.4-2+deb8u3	libvorbis-dbg_1.3.4-2+deb8u3_armel.deb
Debian	9	amd64	libvorbisenc2	< 1.3.5-4+deb9u1	libvorbisenc2_1.3.5-4+deb9u1_amd64.deb
Debian	9	i386	libvorbis-dbg	< 1.3.5-4+deb9u1	libvorbis-dbg_1.3.5-4+deb9u1_i386.deb
Debian	9	arm64	libvorbis0a	< 1.3.5-4+deb9u1	libvorbis0a_1.3.5-4+deb9u1_arm64.deb
Debian	8	amd64	libvorbisfile3	< 1.3.4-2+deb8u3	libvorbisfile3_1.3.4-2+deb8u3_amd64.deb
Debian	9	ppc64el	libvorbis-dev	< 1.3.5-4+deb9u1	libvorbis-dev_1.3.5-4+deb9u1_ppc64el.deb