Every CVE whose affected-product data names Xiph.org Libvorbis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2017-14632 — CVSS 9.8 (critical): Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in…
CVE-2008-1423 — CVSS 9.3 (critical): Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause…
CVE-2018-10392 — CVSS 8.8 (high): mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause…
CVE-2017-14160 — CVSS 8.8 (high): The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2008-1420 — CVSS 6.8 (medium): Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to…
CVE-2020-20412 — CVSS 6.5 (medium): lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a…
CVE-2017-14633 — CVSS 6.5 (medium): In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may…
CVE-2017-11333 — CVSS 5.5 (medium): The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM)…
CVE-2007-4065 — CVSS 4.3 (medium): lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service…
CVE-2008-2009 — CVSS 4.3 (medium): Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of…
CVE-2008-1419 — CVSS 4.3 (medium): Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a…
CVE-2007-4066 — CVSS 4.3 (medium): Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other…