CVE-2017-11333 in Ubuntu

CVE-2017-11333

Priority

Description

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis
1.3.5 allows remote attackers to cause a denial of service (OOM) via a
crafted wav file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333
http://seclists.org/fulldisclosure/2017/Jul/82
https://ubuntu.com/security/notices/USN-3569-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870341
https://sourceforge.net/p/sox/bugs/296/
https://gitlab.xiph.org/xiph/vorbis/issues/2332

Notes

mdeslaur

same fix as CVE-2017-14633

Package

Source: libvorbis (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	not-affected (1.3.5-4.1)
Ubuntu 16.04 ESM:	released (1.3.5-3ubuntu0.1)
Ubuntu 14.04 ESM:	DNE (trusty was released [1.3.2-1.3ubuntu1.1])

Patches:

Upstream:

https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 12:52:30 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)