CVE-2018-10392
Description
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.423
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2018:1563-1(SUSE Linux Enterprise Server 11-SP4 ) libvorbis-1.2.0-79.20.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1563-1(SUSE Linux Enterprise Server 11-SP4 ) libvorbis-32bit-1.2.0-79.20.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1563-1(SUSE Linux Enterprise Server 11-SP4 ) libvorbis-doc-1.2.0-79.20.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbis-debugsource-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Server 12-SP3 ) libvorbis-doc-1.3.3-10.14.1.noarch.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbis0-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbis0-32bit-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbis0-debuginfo-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbis0-debuginfo-32bit-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisenc2-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisenc2-32bit-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisenc2-debuginfo-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisenc2-debuginfo-32bit-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisfile3-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisfile3-32bit-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisfile3-debuginfo-1.3.3-10.14.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1565-1(SUSE Linux Enterprise Desktop 12-SP3 ) libvorbisfile3-debuginfo-32bit-1.3.3-10.14.1.x86_64.rpm | Linux |
| (RHSA-2019:3703) libvorbis security update libvorbis-1.3.6-2.el8.i686.rpm | Linux |
| (RHSA-2019:3703) libvorbis security update libvorbis-1.3.6-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3703) libvorbis security update libvorbis-debugsource-1.3.6-2.el8.i686.rpm | Linux |
| (RHSA-2019:3703) libvorbis security update libvorbis-debugsource-1.3.6-2.el8.x86_64.rpm | Linux |
| (CESA-2019:3703) libvorbis security update libvorbis-1.3.6-2.el8.i686.rpm | Linux |
| (CESA-2019:3703) libvorbis security update libvorbis-1.3.6-2.el8.x86_64.rpm | Linux |
| (RHSA-2019:3703)Low: security update libvorbis-debuginfo-1.3.6-2.el8.i686.rpm | Linux |
| (RHSA-2019:3703)Low: security update libvorbis-debuginfo-1.3.6-2.el8.x86_64.rpm | Linux |
| libvorbis security update (RLSA-2019:3703) libvorbis-1.3.6-2.el8.i686.rpm | Linux |
| libvorbis security update (RLSA-2019:3703) libvorbis-1.3.6-2.el8.x86_64.rpm | Linux |
| Libvorbis update (ELSA-2019-3703) libvorbis-1.3.6-2.el8.i686.rpm | Linux |
| Libvorbis update (ELSA-2019-3703) libvorbis-1.3.6-2.el8.x86_64.rpm | Linux |
| Low: libvorbis security update libvorbis-1.3.6-2.el8.i686.rpm | Linux |
| Low: libvorbis security update libvorbis-1.3.6-2.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234