SUSE CVE-2018-10393

barknoisehybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

PT-2020-15266 · Stepmania Team +2 · Stepmania +2

Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.3.6 StepMania version 5.0.12 Description: The issue is related to insufficient array bounds checking in libvorbis, which can be exploited via a crafted OGG file. This affects products using libvorbis, including...