Libvorbis Xiphorg Libvorbis

By the Year

In 2024 there have been 0 vulnerabilities in Xiphorg Libvorbis. Libvorbis did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 6.50
2019 0 0.00
2018 2 8.15

It may take a day or so for new Libvorbis vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Xiphorg Libvorbis Security Vulnerabilities

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking

CVE-2020-20412 6.5 - Medium - December 26, 2020

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.

out-of-bounds array index

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which

CVE-2018-10392 8.8 - High - April 26, 2018

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Out-of-bounds Read

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

CVE-2018-10393 7.5 - High - April 26, 2018

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

Out-of-bounds Read

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5

CVE-2017-14160 8.8 - High - September 21, 2017

The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.

Buffer Overflow
