[manjaro-security] [ASA-201803-21] lib32-libvorbis: multiple issues

Levente Polyak anthraxx at archlinux.org
Thu Mar 22 02:52:32 CET 2018


Arch Linux Security Advisory ASA-201803-21
==========================================

Severity: Critical
Date    : 2018-03-19
CVE-ID  : CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
Package : lib32-libvorbis
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-658

Summary
=======

The package lib32-libvorbis before version 1.3.6-1 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.

Resolution
==========

Upgrade to 1.3.6-1.

# pacman -Syu "lib32-libvorbis>=1.3.6-1"

The problems have been fixed upstream in version 1.3.6.

Workaround
==========

None.

Description
===========

- CVE-2017-14632 (arbitrary code execution)

fXiph.Org libvorbis before 1.3.6 allows remote code execution upon
freeing uninitialized memory in the function
vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar
issue to Mozilla bug 550184.

- CVE-2017-14633 (denial of service)

In Xiph.Org libvorbis before 1.3.6, an out-of-bounds array read
vulnerability exists in the function mapping0_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis_analysis().

- CVE-2018-5146 (arbitrary code execution)

An out of bounds memory write vulnerability has been discovered in
libvorbis before 1.3.6 while processing Vorbis audio data related to
codebooks that are not an exact divisor of the partition size.

Impact
======

A remote attacker is able to execute arbitrary code or crash the
application by tricking the user into playing a specially crafted
vorbis file.

References
==========

https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f
https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f
http://seclists.org/oss-sec/2018/q1/243
https://security.archlinux.org/CVE-2017-14632
https://security.archlinux.org/CVE-2017-14633
https://security.archlinux.org/CVE-2018-5146

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20180322/932c8565/attachment.sig>


More information about the manjaro-security mailing list