Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Mar 2018 10:34:46 -0700
From: Daniel Veditz <dveditz@...illa.com>
To: oss-security@...ts.openwall.com
Subject: libvorbis/libtremor OOB write

libvorbis and libtremor can write out of bounds when processing
malformed Vorbis audio data.

libvorbis 1.3.6 fixes CVE-2018-5146
https://github.com/xiph/vorbis/releases/tag/v1.3.6

libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in
the git repo at https://git.xiph.org/?p=tremor.git

-Dan Veditz

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.