oss-sec mailing list archives
libvorbis/libtremor OOB write
From: Daniel Veditz <dveditz () mozilla com>
Date: Fri, 16 Mar 2018 10:34:46 -0700
libvorbis and libtremor can write out of bounds when processing malformed Vorbis audio data. libvorbis 1.3.6 fixes CVE-2018-5146 https://github.com/xiph/vorbis/releases/tag/v1.3.6 libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in the git repo at https://git.xiph.org/?p=tremor.git -Dan Veditz
Current thread:
- libvorbis/libtremor OOB write Daniel Veditz (Mar 16)