[FEDORA-2019-2e385f97e2] Fedora 29: mingw-libvorbis
Severity
Critical
Affected Packages
1
CVEs
8
MinGW cross compiled libvorbis 1.3.6 + various patches backported from git.
This is a security fix for: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160
CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 CVE-2018-10392 CVE-2018-10393
Package | Affected Version |
---|---|
pkg:rpm/fedora/mingw-libvorbis?distro=fedora-29 | < 1.3.6.2.fc29 |
- ID
- FEDORA-2019-2e385f97e2
- Severity
- critical
- Severity from
- CVE-2017-14632
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2019-2e385f97e2
- Published
-
2019-01-22T17:42:50
(5 years ago) - Modified
-
2019-01-22T17:42:50
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
- ALAS-2018-981
- ALAS2-2018-981
- ALPINE:CVE-2017-14160
- ALPINE:CVE-2017-14632
- ALPINE:CVE-2017-14633
- ALPINE:CVE-2018-10392
- ALPINE:CVE-2018-10393
- ALPINE:CVE-2018-5146
- ALSA-2019:3703
- ASA-201803-12
- ASA-201803-13
- ASA-201803-21
- ASA-201803-22
- DSA-4113-1
- DSA-4140-1
- DSA-4143-1
- DSA-4155-1
- ELSA-2018-0549
- ELSA-2018-0647
- ELSA-2018-0648
- ELSA-2018-0649
- ELSA-2018-1058
- ELSA-2019-3703
- FEDORA-2018-0259281ab6
- FEDORA-2018-061bafe369
- FEDORA-2018-3de9cb411f
- FEDORA-2018-def329f680
- FEDORA-2018-f26d891469
- FREEBSD:4200D5F5-B985-11EA-B08A-F8B156B6DCC8
- FREEBSD:64EE858E-E035-4BB4-9C77-2468963DDDB8
- FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1
- GLSA-201811-13
- GLSA-202003-36
- MFSA-2018-08
- MFSA-2018-09
- openSUSE-SU-2018:0818-1
- openSUSE-SU-2018:0819-1
- RHSA-2018:0549
- RHSA-2018:0647
- RHSA-2018:0648
- RHSA-2018:0649
- RHSA-2018:1058
- RHSA-2019:3703
- RLSA-2019:3703
- SSA:2018-076-01
- SSA:2020-186-01
- SUSE-SU-2018:0015-1
- SUSE-SU-2018:0016-1
- SUSE-SU-2018:0783-1
- SUSE-SU-2018:0784-1
- SUSE-SU-2018:0850-1
- SUSE-SU-2018:0907-1
- SUSE-SU-2018:1321-1
- SUSE-SU-2018:1324-1
- SUSE-SU-2018:1563-1
- SUSE-SU-2018:1565-1
- SUSE-SU-2018:1885-1
- USN-3545-1
- USN-3569-1
- USN-3599-1
- USN-3604-1
- USN-5420-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1557221 | Bug #1557221 - CVE-2018-5146 Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) | https://bugzilla.redhat.com/show_bug.cgi?id=1557221 |
Bugzilla | 1480645 | Bug #1480645 - CVE-2017-11735 libvorbis: NULL pointer dereference in vorbis_block_clear function in lib/block.c | https://bugzilla.redhat.com/show_bug.cgi?id=1480645 |
Bugzilla | 1574193 | Bug #1574193 - CVE-2018-10392 libvorbis: heap buffer overflow in mapping0_forward function | https://bugzilla.redhat.com/show_bug.cgi?id=1574193 |
Bugzilla | 1480643 | Bug #1480643 - CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c | https://bugzilla.redhat.com/show_bug.cgi?id=1480643 |
Bugzilla | 1574194 | Bug #1574194 - CVE-2018-10393 libvorbis: stack buffer overflow in bark_noise_hybridmp function | https://bugzilla.redhat.com/show_bug.cgi?id=1574194 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/mingw-libvorbis?distro=fedora-29 | fedora | mingw-libvorbis | < 1.3.6.2.fc29 | fedora-29 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |