Date: Fri, 16 Mar 2018 10:34:46 -0700 From: Daniel Veditz <dveditz@...illa.com> To: oss-security@...ts.openwall.com Subject: libvorbis/libtremor OOB write libvorbis and libtremor can write out of bounds when processing malformed Vorbis audio data. libvorbis 1.3.6 fixes CVE-2018-5146 https://github.com/xiph/vorbis/releases/tag/v1.3.6 libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in the git repo at https://git.xiph.org/?p=tremor.git -Dan Veditz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.