Date: Fri, 16 Mar 2018 10:34:46 -0700 From: Daniel Veditz <dveditz@...illa.com> To: oss-security@...ts.openwall.com Subject: libvorbis/libtremor OOB write libvorbis and libtremor can write out of bounds when processing malformed Vorbis audio data. libvorbis 1.3.6 fixes CVE-2018-5146 https://github.com/xiph/vorbis/releases/tag/v1.3.6 libtremor doesn't have numbered releases but CVE-2018-5147 is fixed in the git repo at https://git.xiph.org/?p=tremor.git -Dan Veditz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ