CVE-2017-14632

Priority
Description
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.
Notes
Package
Upstream:released (1.3.5-4.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.3.2-1.3ubuntu1.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.5-3ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5-4.1)
More Information

Updated: 2019-12-05 18:48:16 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)