GLSA Advocate
Posted: Mon Mar 16, 2020 10:26 pm Post subject: [ GLSA 202003-36 ] libvorbis
Gentoo Linux Security Advisory
Title: libvorbis: Multiple vulnerabilities (GLSA 202003-36)
Severity: normal
Exploitable: local, remote
Date: 2020-03-16
Bug(s): #631646, #699862
ID: 202003-36
Synopsis
Multiple vulnerabilities have been found in libvorbis, the worst of
which could result in a Denial of Service condition.
Background
libvorbis is the reference implementation of the Xiph.org Ogg Vorbis
audio file format. It is used by many applications for playback of Ogg
Vorbis files.
Affected Packages
Package: media-libs/libvorbis
Vulnerable: < 1.3.6-r1
Unaffected: >= 1.3.6-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in libvorbis. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker, by enticing the user to process a specially crafted
audio file, could possibly cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All libvorbis users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libvorbis-1.3.6-r1"
References
CVE-2017-14160
CVE-2018-10392
CVE-2018-10393