#VU10569 Memory corruption in libvorbis - CVE-2017-14632


| Updated: 2018-02-16

Vulnerability identifier: #VU10569

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-14632

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libvorbis
Universal components / Libraries / Libraries used by multiple products

Vendor: xiph.org

Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0. A remote attacker can supply specially crafted files, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libvorbis: 1.3.5

External links
https://gitlab.xiph.org/xiph/vorbis/issues/2328

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Fedora 29 update for mingw-libvorbis
Fedora 28 update for libvorbis
Arch Linux update for lib32-libvorbis
Slackware Linux update for libvorbis
Arch Linux update for libvorbis
Memory corruption in libvorbis (Alpine package)
Debian update for libvorbis
Ubuntu update for libvorbis