CVE-2017-14632

Priority
Description
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.
Package
Upstream:released (1.3.5-4.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.3.2-1.3ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.5-3ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5-4.1)
More Information

Updated: 2018-10-31 21:26:08 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)