CVE-2017-14632

Priority
Description
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in info.c
when vi->channels<=0, a similar issue to Mozilla bug 550184.
Package
Upstream:released (1.3.5-4.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.3.2-1.3ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.5-3ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5-4.1)
More Information

Updated: 2019-01-14 22:29:30 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)