libvorbis (SUSE:Linux Enterprise Server 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP3 package libvorbis, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2017-14632 — CVSS 9.8 (critical): Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in…
CVE-2017-14160 — CVSS 8.8 (high): The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2018-10392 — CVSS 8.8 (high): mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause…
CVE-2018-5146 — CVSS 8.8 (high): An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects…
CVE-2017-14633 — CVSS 6.5 (medium): In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may…