Home

CVE-2018-5146

Description

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
55.237

Associated Vulnerability

VulnerabilityOS Platform
Updates for Mozilla Thunderbird (52.7.0)Windows
Vulnerability CVE-2018-5146,CVE-2018-5147 are affected in Mozilla Firefox 59.0Windows
Vulnerabilities CVE-2018-5146,CVE-2018-5147 are fixed in Update for Mozilla Firefox For Mac (59.0.1)Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.6.0Mac
Vulnerabilities CVE-2018-5146,CVE-2018-5147 are affected in Firefox ESR for Mac 52.7.1Mac
Vulnerabilities CVE-2018-5146,CVE-2018-5147 are affected in Mozilla Firefox for Mac 52.7.1Mac
Vulnerabilities CVE-2018-5146,CVE-2018-5147 are affected in Mozilla Firefox for Mac 59.0Mac
Vulnerabilities CVE-2018-5146,CVE-2018-5147 are fixed in Mozilla Firefox For Mac 52.7.2Mac
Mozilla Open Source web browser (USN-3599-1) firefox_59.0.1+build1-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3599-1) firefox_59.0.1+build1-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-3599-1) firefox_59.0.1+build1-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-3599-1) firefox_59.0.1+build1-0ubuntu0.16.04.1_amd64.debLinux
The Vorbis General Audio Compression Codec (USN-3604-1) libvorbis0a_1.3.5-3ubuntu0.2_i386.debLinux
The Vorbis General Audio Compression Codec (USN-3604-1) libvorbis0a_1.3.5-3ubuntu0.2_amd64.debLinux
The Vorbis General Audio Compression Codec (USN-3604-1) libvorbis0a_1.3.5-4ubuntu0.2_i386.debLinux
The Vorbis General Audio Compression Codec (USN-3604-1) libvorbis0a_1.3.5-4ubuntu0.2_amd64.debLinux
The Vorbis General Audio Compression Codec (USN-3604-1) libvorbis0a_1.3.2-1.3ubuntu1.2_i386.debLinux
The Vorbis General Audio Compression Codec (USN-3604-1) libvorbis0a_1.3.2-1.3ubuntu1.2_amd64.debLinux
firefox-esr security update(DSA-4143-1) firefox-esr_52.7.2esr-1~deb8u1_i386.debLinux
firefox-esr security update(DSA-4143-1) firefox-esr_52.7.2esr-1~deb8u1_amd64.debLinux
firefox-esr security update(DSA-4143-1) firefox-esr_52.7.2esr-1~deb9u1_i386.debLinux
firefox-esr security update(DSA-4143-1) firefox-esr_52.7.2esr-1~deb9u1_amd64.debLinux
Libvorbis security update (CESA-2018:0649) libvorbis-1.2.3-5.el6_9.1.i686.rpmLinux
Libvorbis security update (CESA-2018:0649) libvorbis-1.2.3-5.el6_9.1.x86_64.rpmLinux
Libvorbis security update (CESA-2018:0649) libvorbis-devel-1.2.3-5.el6_9.1.i686.rpmLinux
Libvorbis security update (CESA-2018:0649) libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpmLinux
Libvorbis security update (CESA-2018:0649) libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpmLinux
(RHSA-2018:0549) Critical: firefox security update firefox-52.7.2-1.el6_9.i686.rpmLinux
(RHSA-2018:0549) Critical: firefox security update firefox-52.7.2-1.el6_9.x86_64.rpmLinux
(RHSA-2018:0549) Critical: firefox security update firefox-52.7.2-1.el7_4.i686.rpmLinux
(RHSA-2018:0549) Critical: firefox security update firefox-52.7.2-1.el7_4.x86_64.rpmLinux
(RHSA-2018:0649) Important: libvorbis security update libvorbis-1.2.3-5.el6_9.1.i686.rpmLinux
(RHSA-2018:0649) Important: libvorbis security update libvorbis-1.2.3-5.el6_9.1.x86_64.rpmLinux
(RHSA-2018:0649) Important: libvorbis security update libvorbis-devel-1.2.3-5.el6_9.1.i686.rpmLinux
(RHSA-2018:0649) Important: libvorbis security update libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpmLinux
(RHSA-2018:0649) Important: libvorbis security update libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpmLinux
(RHSA-2018:1058) Important: libvorbis security update libvorbis-1.3.3-8.el7.1.i686.rpmLinux
(RHSA-2018:1058) Important: libvorbis security update libvorbis-1.3.3-8.el7.1.x86_64.rpmLinux
(RHSA-2018:1058) Important: libvorbis security update libvorbis-devel-1.3.3-8.el7.1.i686.rpmLinux
(RHSA-2018:1058) Important: libvorbis security update libvorbis-devel-1.3.3-8.el7.1.x86_64.rpmLinux
(RHSA-2018:1058) Important: libvorbis security update libvorbis-devel-docs-1.3.3-8.el7.1.noarch.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbis-debugsource-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Server 12-SP2 ) libvorbis-doc-1.3.3-10.6.1.noarch.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbis0-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbis0-32bit-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbis0-debuginfo-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbis0-debuginfo-32bit-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisenc2-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisenc2-32bit-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisenc2-debuginfo-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisenc2-debuginfo-32bit-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisfile3-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisfile3-32bit-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisfile3-debuginfo-1.3.3-10.6.1.x86_64.rpmLinux
SUSE-SU-2018:0784-1(SUSE Linux Enterprise Desktop 12-SP2 ) libvorbisfile3-debuginfo-32bit-1.3.3-10.6.1.x86_64.rpmLinux
Libvorbis update (ELSA-2018-0649) libvorbis-1.2.3-5.el6_9.1.x86_64.rpmLinux
Libvorbis-devel update (ELSA-2018-0649) libvorbis-devel-1.2.3-5.el6_9.1.x86_64.rpmLinux
Libvorbis-devel-docs update (ELSA-2018-0649) libvorbis-devel-docs-1.2.3-5.el6_9.1.noarch.rpmLinux
Libvorbis update (ELSA-2018-0649) libvorbis-1.2.3-5.el6_9.1.i686.rpmLinux
Libvorbis-devel update (ELSA-2018-0649) libvorbis-devel-1.2.3-5.el6_9.1.i686.rpmLinux
Libvorbis update (ELSA-2018-1058) libvorbis-1.3.3-8.el7.1.x86_64.rpmLinux
Libvorbis-devel update (ELSA-2018-1058) libvorbis-devel-1.3.3-8.el7.1.x86_64.rpmLinux
Libvorbis-devel-docs update (ELSA-2018-1058) libvorbis-devel-docs-1.3.3-8.el7.1.noarch.rpmLinux
Libvorbis update (ELSA-2018-1058) libvorbis-1.3.3-8.el7.1.i686.rpmLinux
Libvorbis-devel update (ELSA-2018-1058) libvorbis-devel-1.3.3-8.el7.1.i686.rpmLinux
(RHSA-2018:1058)Important: security update libvorbis-debuginfo-1.3.3-8.el7.1.i686.rpmLinux
(RHSA-2018:1058)Important: security update libvorbis-debuginfo-1.3.3-8.el7.1.x86_64.rpmLinux
libvorbis Security Update (ALAS-2018-981) libvorbis-1.3.3-8.amzn2.0.1.x86_64.rpmLinux
libvorbis Security Update (ALAS-2018-981) libvorbis-devel-1.3.3-8.amzn2.0.1.x86_64.rpmLinux
libvorbis Security Update (ALAS-2018-981) libvorbis-devel-docs-1.3.3-8.amzn2.0.1.noarch.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307296Updates for Mozilla Thunderbird (52.7.0)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234