Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Xiph.org Subscribe
Filtered by product Libvorbis
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20412 2 Stepmania, Xiph.org 2 Stepmania, Libvorbis 2023-01-18 4.3 MEDIUM 6.5 MEDIUM
lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
CVE-2018-10392 3 Debian, Redhat, Xiph.org 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more 2021-11-30 6.8 MEDIUM 8.8 HIGH
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
CVE-2017-14160 2 Debian, Xiph.org 2 Debian Linux, Libvorbis 2021-11-30 6.8 MEDIUM 8.8 HIGH
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
CVE-2018-10393 3 Debian, Redhat, Xiph.org 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more 2021-11-30 5.0 MEDIUM 7.5 HIGH
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
CVE-2017-14633 3 Canonical, Debian, Xiph.org 3 Ubuntu Linux, Debian Linux, Libvorbis 2020-12-07 4.3 MEDIUM 6.5 MEDIUM
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
CVE-2017-14632 3 Canonical, Debian, Xiph.org 3 Ubuntu Linux, Debian Linux, Libvorbis 2020-12-07 7.5 HIGH 9.8 CRITICAL
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVE-2008-2009 2 Canonical, Xiph.org 2 Ubuntu Linux, Libvorbis 2019-10-28 4.3 MEDIUM N/A
Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.
CVE-2017-11333 1 Xiph.org 1 Libvorbis 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
CVE-2008-1420 2 Redhat, Xiph.org 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis 2018-10-03 6.8 MEDIUM N/A
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
CVE-2008-1423 2 Redhat, Xiph.org 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis 2017-09-28 9.3 HIGH N/A
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.
CVE-2008-1419 2 Redhat, Xiph.org 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis 2017-09-28 4.3 MEDIUM N/A
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
CVE-2007-4065 1 Xiph.org 1 Libvorbis 2017-09-28 4.3 MEDIUM N/A
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
CVE-2007-4066 1 Xiph.org 1 Libvorbis 2017-09-28 4.3 MEDIUM N/A
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.