|Reported by:||Bruce Dubbs||Owned by:||Bruce Dubbs|
Description (last modified by )
New point version.
Fixes CVE-2018-5146 which was used against firefox's internal copy in the recent Pwn2Own contest.
From the release notes at github
- Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
- Fix CVE-2017-14632 - free() on unitialized data
- Fix CVE-2017-14633 - out-of-bounds read
- Fix bitrate metadata parsing.
- Fix out-of-bounds read in codebook parsing.
- Fix residue vector size in Vorbis I spec.
- Appveyor support
- Travis CI support
- Add secondary CMake build system.
- Build system fixes
Change History (4)
comment:2 by , 5 years ago
|Priority:||normal → high|
|Type:||enhancement → defect|