Opened 7 years ago
Closed 7 years ago
#10551 closed defect (fixed)
libvorbis-1.3.6
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | high | Milestone: | 8.3 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Fixes CVE-2018-5146, which was used against Firefox's internal copy in the recent Pwn2Own contest.
http://openwall.com/lists/oss-security/2018/03/16/4
From the release notes at GitHub:
- Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
- Fix CVE-2017-14632 - free() on uninitialized data
- Fix CVE-2017-14633 - out-of-bounds read
- Fix bitrate metadata parsing.
- Fix out-of-bounds read in codebook parsing.
- Fix residue vector size in Vorbis I spec.
- Appveyor support
- Travis CI support
- Add secondary CMake build system.
- Build system fixes
Change History (4)
comment:1 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 7 years ago
Description: | modified (diff) |
---|---|
Priority: | normal → high |
Type: | enhancement → defect |
comment:3 by , 7 years ago
Description: | modified (diff) |
---|
comment:4 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at revision 19999.