Fedora 28 update for libvorbis
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-14160 CVE-2018-10392 CVE-2018-10393 CVE-2017-11333 CVE-2017-14632 CVE-2017-14633 |
| CWE-ID | CWE-125 CWE-119 CWE-126 CWE-476 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system libvorbis Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU12882
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14160
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Descriptionthe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the bark_noise_hybridmp function in psy.c due to out-of-bounds read. A remote attacker can trick the victim into opening a specially crafted mp4 file and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
libvorbis: before 1.3.6-3.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:libvorbis:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU13263
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10392
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper validation of the number of channels by mapping0_forward in mapping0.c in Xiph.Org libvorbis. A remote unauthenticated attacker can send a specially crafted file, trigger heap-based buffer overflow or over-read and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
libvorbis: before 1.3.6-3.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:libvorbis:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer over-read
EUVDB-ID: #VU12883
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10393
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in bark_noise_hybridmp in psy.c due to stack-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
libvorbis: before 1.3.6-3.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:libvorbis:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU38626
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2017-11333
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
libvorbis: before 1.3.6-3.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:libvorbis:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Memory corruption
EUVDB-ID: #VU10569
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-14632
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0. A remote attacker can supply specially crafted files, trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
libvorbis: before 1.3.6-3.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:libvorbis:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU10571
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14633
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the function mapping0_forward() in mapping0.c due to out-of-bounds array read. A remote attacker can send the specially crafted audio file, trick the victim into operating it with vorbis_analysis() and cause the application to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
libvorbis: before 1.3.6-3.fc28
CPE2.3- cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:libvorbis:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
