Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Mar 2018 10:34:46 -0700
From: Daniel Veditz <>
Subject: libvorbis/libtremor OOB write

libvorbis and libtremor can write out of bounds when processing
malformed Vorbis audio data.

libvorbis 1.3.6 fixes CVE-2018-5146

libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in
the git repo at

-Dan Veditz

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ