Libvorbis Security Vulnerabilities and Issues — Libvorbis CVE List

Lucene search

Xiph.orgLibvorbis

13 matches found

cve•added 2017/07/31 1:29 p.m.•218 views

CVE-2017-11333

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

5.5CVSS6.1AI score0.01188EPSS

cve•added 2017/09/21 7:29 a.m.•201 views

CVE-2017-14633

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

6.5CVSS7.3AI score0.01001EPSS

cve•added 2017/09/21 7:29 a.m.•173 views

CVE-2017-14632

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels

9.8CVSS9.5AI score0.06507EPSS

cve•added 2018/04/26 5:29 a.m.•151 views

CVE-2018-10393

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

7.5CVSS7.9AI score0.00351EPSS

cve•added 2018/04/26 5:29 a.m.•143 views

CVE-2018-10392

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

8.8CVSS8.9AI score0.01361EPSS

cve•added 2017/09/21 2:29 p.m.•112 views

CVE-2017-14160

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

8.8CVSS8.7AI score0.01543EPSS

cve•added 2020/12/26 4:15 a.m.•100 views

CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.

6.5CVSS7.4AI score0.26243EPSS

cve•added 2008/05/16 12:54 p.m.•67 views

CVE-2008-1420

Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.

6.8CVSS7.5AI score0.06463EPSS

cve•added 2008/05/16 12:54 p.m.•54 views

CVE-2008-1419

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.

4.3CVSS6.3AI score0.1135EPSS

cve•added 2008/05/16 12:54 p.m.•54 views

CVE-2008-2009

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

4.3CVSS6.5AI score0.0434EPSS

cve•added 2008/05/16 12:54 p.m.•52 views

CVE-2008-1423

Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.

9.3CVSS7.6AI score0.06606EPSS

cve•added 2007/09/21 7:17 p.m.•48 views

CVE-2007-4066

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe ...

4.3CVSS6.7AI score0.01263EPSS

cve•added 2007/09/21 7:17 p.m.•46 views

CVE-2007-4065

lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

4.3CVSS5.9AI score0.05408EPSS