An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq17.10
debian_linuxeq8.0
debian_linuxeq7.0
debian_linuxeq9.0
firefoxlt59.0.1
firefox_esrlt52.7.2
thunderbirdlt52.7.0
enterprise_linux_desktopeq7.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	17.10
debian_linux	eq	8.0
debian_linux	eq	7.0
debian_linux	eq	9.0
firefox	lt	59.0.1
firefox_esr	lt	52.7.2
thunderbird	lt	52.7.0
enterprise_linux_desktop	eq	7.0

Rows per page:

1-10 of 221

References

www.securityfocus.com/bid/103432

www.securitytracker.com/id/1040544

access.redhat.com/errata/RHSA-2018:0549

access.redhat.com/errata/RHSA-2018:0647

access.redhat.com/errata/RHSA-2018:0648

access.redhat.com/errata/RHSA-2018:0649

access.redhat.com/errata/RHSA-2018:1058

bugzilla.mozilla.org/show_bug.cgi?id=1446062

lists.debian.org/debian-lts-announce/2018/03/msg00022.html

lists.debian.org/debian-lts-announce/2018/03/msg00029.html

lists.debian.org/debian-lts-announce/2018/04/msg00033.html

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3545-1/

usn.ubuntu.com/3599-1/

usn.ubuntu.com/3604-1/

www.debian.org/security/2018/dsa-4140

www.debian.org/security/2018/dsa-4143

www.debian.org/security/2018/dsa-4155

www.mozilla.org/security/advisories/mfsa2018-08/

www.mozilla.org/security/advisories/mfsa2018-09/

nessus 64

oraclelinux 5

android 1

openvas 38

fedora 5

osv 7

centos 5

ubuntu 3

cve 3

alpinelinux 1

mageia 3

redhat 5

ibm 3

ubuntucve 2

debian 7

veracode 2

checkpoint_advisories 1

redhatcve 1

zdi 1

debiancve 2

cloudfoundry 1

amazon 2

archlinux 4

prion 2

suse 1

kaspersky 3

freebsd 1

mozilla 2

slackware 1

altlinux 1

threatpost 1

gentoo 1

nessus

Scientific Linux Security Update : libvorbis on SL7.x x86_64 (20180410)

2018-05-01 00:00:00

Fedora 26 : 1:libvorbis (2018-f26d891469)

2018-03-28 00:00:00

SUSE SLES11 Security Update : libvorbis (SUSE-SU-2018:0783-1)

2018-03-27 00:00:00

oraclelinux

firefox security update

2018-03-19 00:00:00

libvorbis security update

2018-04-17 00:00:00

libvorbis security update

2018-04-05 00:00:00

android

CVE-2018-5146

2018-06-01 00:00:00

openvas

Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1155)

2020-01-23 00:00:00

Mozilla Firefox ESR Security Advisories (MFSA2018-08, MFSA2018-08) - Windows

2018-03-22 00:00:00

Huawei EulerOS: Security Advisory for libvorbis (EulerOS-SA-2018-1105)

2020-01-23 00:00:00

fedora

[SECURITY] Fedora 26 Update: libvorbis-1.3.6-1.fc26

2018-03-27 19:31:39

[SECURITY] Fedora 28 Update: libvorbis-1.3.6-1.fc28

2018-03-30 13:35:33

[SECURITY] Fedora 27 Update: libvorbis-1.3.6-1.fc27

2018-03-20 18:26:53

osv

CVE-2018-5146

2018-06-11 21:29:00

libvorbis - security update

2018-03-16 00:00:00

firefox-esr - security update

2018-03-27 00:00:00

centos

libvorbis security update

2018-05-30 18:24:08

libvorbis security update

2018-04-09 23:35:22

firefox security update

2018-03-20 16:39:22

ubuntu

Firefox vulnerability

2018-03-16 00:00:00

libvorbis vulnerability

2018-03-22 00:00:00

Thunderbird vulnerabilities

2018-03-29 00:00:00

cve

CVE-2018-5146

2018-06-11 21:29:00

CVE-2020-20412

2020-12-26 04:15:00

CVE-2018-5147

2018-06-11 21:29:00

alpinelinux

CVE-2018-5146

2018-06-11 21:29:00

mageia

Updated libvorbis packages fix security vulnerability

2018-03-19 15:13:14

Updated thunderbird packages fix security vulnerability

2018-04-15 16:33:47

Updated thunderbird packages fix bugs and security vulnerabilities

2018-04-20 20:24:13

redhat

(RHSA-2018:0649) Important: libvorbis security update

2018-04-05 19:03:13

(RHSA-2018:1058) Important: libvorbis security update

2018-04-10 08:05:03

(RHSA-2018:0549) Critical: firefox security update

2018-03-19 03:31:41

ibm

Security Bulletin: A vulnerability in libvorbis affects PowerKVM

2018-07-07 00:01:25

Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management

2019-10-18 03:36:34

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

ubuntucve

CVE-2018-5146

2018-03-16 00:00:00

CVE-2018-5147

2018-06-11 00:00:00

debian

[SECURITY] [DSA 4140-1] libvorbis security update

2018-03-16 19:54:42

[SECURITY] [DSA 4140-1] libvorbis security update

2018-03-16 19:50:51

[SECURITY] [DSA 4143-1] firefox-esr security update

2018-03-17 18:23:06

veracode

Denial Of Service (DoS) Through Out-of-Bounds Write

2019-01-15 09:22:28

Denial Of Service (DoS) Through Out-of-Bounds Write

2018-04-25 09:40:14

checkpoint_advisories

Mozilla Firefox Vorbis Audio Residue Codebook Out of Bounds Write (CVE-2018-5146)

2018-05-14 00:00:00

redhatcve

CVE-2018-5146

2018-03-16 17:48:59

zdi

(Pwn2Own) Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability

2018-03-23 00:00:00

debiancve

CVE-2018-5146

2018-06-11 21:29:00

CVE-2018-5147

2018-06-11 21:29:00

cloudfoundry

USN-3604-1: libvorbis vulnerability | Cloud Foundry

2018-05-02 00:00:00

amazon

Critical: libvorbis

2018-03-22 22:02:00

Critical: libvorbis

2018-04-05 15:57:00

archlinux

[ASA-201803-13] firefox: arbitrary code execution

2018-03-18 00:00:00

[ASA-201803-21] lib32-libvorbis: multiple issues

2018-03-19 00:00:00

[ASA-201803-12] libvorbis: multiple issues

2018-03-16 00:00:00

prion

Code injection

2018-06-11 21:29:00

Design/Logic Flaw

2020-12-26 04:15:00

suse

Security update for MozillaFirefox (important)

2018-03-18 15:11:21

kaspersky

KLA11594 SB vulnerabilities in Mozilla Firefox

2018-03-16 00:00:00

KLA11595 SB vulnerabilities in Mozilla Firefox ESR

2018-03-16 00:00:00

KLA11229 Multiple vulnerabilities in Mozilla Thunderbird

2018-03-23 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2018-03-16 00:00:00

mozilla

Out of bounds memory write while processing Vorbis audio data — Mozilla

2018-03-16 00:00:00

Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla

2018-03-23 00:00:00

slackware

[slackware-security] libvorbis

2018-03-18 04:31:27

altlinux

Security fix for the ALT Linux 10 package thunderbird version 52.7.0-alt1

2018-03-24 00:00:00

threatpost

Google Patches 11 Critical Android Bugs in June Update

2018-06-05 17:30:40

gentoo

Mozilla Thunderbird: Multiple vulnerabilities

2018-11-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.38 Low

EPSS

Percentile

97.1%

JSON

Related for PRION:CVE-2018-5146