← back
CVE-2018-10392

CVE-2018-10392

EPSS 3.3%
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2019:3703https://gitlab.xiph.org/xiph/vorbis/issues/2335https://lists.debian.org/debian-lts-announce/2019/11/msg00031.htmlhttps://lists.debian.org/debian-lts-announce/2021/11/msg00023.htmlhttps://security.gentoo.org/glsa/202003-36