CVE-2018-5146

Priority
Medium
Description
An out of bounds memory write while processing Vorbis audio data was
reported through the Pwn2Own contest. This vulnerability affects Firefox <
59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
References
Bugs
Package
Upstream:released (52.7.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:52.7.0+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.7.0+build1-0ubuntu0.16.04.1)
Ubuntu 17.10 (Artful Aardvark):released (1:52.7.0+build1-0ubuntu0.17.10.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:52.7.0+build1-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:52.7.0+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.3.2-1.3ubuntu1.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.5-3ubuntu0.2)
Ubuntu 17.10 (Artful Aardvark):released (1.3.5-4ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.3.5-4.2)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1.3.5-4.2)
Patches:
Upstream:https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
Package
Upstream:released (59.0.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (59.0.1+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (59.0.1+build1-0ubuntu0.16.04.1)
Ubuntu 17.10 (Artful Aardvark):released (59.0.1+build1-0ubuntu0.17.10.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Package
Upstream:released (52.7.2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
More Information

Updated: 2018-06-26 05:03:06 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)