libvorbis.so is vulnerable to denial of service. A remote attacker is able to cause an application crash via a crafted mp4 file from an out-of-bounds access in the bark_noise_hybridmp
function in psy.c
.
openwall.com/lists/oss-security/2017/09/21/2
www.securityfocus.com/bid/101045
github.com/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
github.com/xiph/vorbis/issues/39
gitlab.xiph.org/xiph/vorbis/issues/2330
lists.debian.org/debian-lts-announce/2019/11/msg00031.html
lists.debian.org/debian-lts-announce/2021/11/msg00023.html
security.gentoo.org/glsa/202003-36