Source: libvorbis
Version: 1.3.5-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.xiph.org/xiph/vorbis/issues/2328

Hi,

the following vulnerability was published for libvorbis.

CVE-2017-14633[0]:
| In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
| exists in the function mapping0_forward() in mapping0.c, which may lead
| to DoS when operating on a crafted audio file with vorbis_analysis().

The reproducer was not attached to the upstream issue, since it looks
like it was not possible for the reporter to include it in the report.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14633
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
[1] https://gitlab.xiph.org/xiph/vorbis/issues/2328

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore