Libvorbis

libvorbis

Vendor: Xiph.org • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-20412 2Stepmania Xiph.org 2Libvorbis Stepmania Nov 21, 2024 Dec 26, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
CVE-2018-10393 3Debian RedhatXiph.org 6Debian Linux Enterprise LinuxEnterprise Linux Eus+3 more Nov 21, 2024 Apr 26, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
CVE-2018-10392 3Debian RedhatXiph.org 6Debian Linux Enterprise LinuxEnterprise Linux Eus+3 more Nov 21, 2024 Apr 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have u...Show more mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-14160 2Debian Xiph.org 2Debian Linux Libvorbis May 13, 2026 Sep 21, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a craf...Show more The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.Show less
CVE-2017-14633 3Canonical DebianXiph.org 3Debian Linux LibvorbisUbuntu Linux May 13, 2026 Sep 21, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
CVE-2017-14632 3Canonical DebianXiph.org 3Debian Linux LibvorbisUbuntu Linux May 13, 2026 Sep 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVE-2017-11333 1Xiph.org 1Libvorbis May 13, 2026 Jul 31, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
CVE-2008-2009 2Canonical Xiph.org 2Libvorbis Ubuntu Linux Apr 23, 2026 May 16, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during exe...Show more Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.Show less
CVE-2008-1423 1Xiph.org 1Libvorbis Apr 23, 2026 May 16, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with...Show more Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.Show less
CVE-2008-1420 1Xiph.org 1Libvorbis Apr 23, 2026 May 16, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.
CVE-2008-1419 1Xiph.org 1Libvorbis Apr 23, 2026 May 16, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.
CVE-2007-4066 1Xiph.org 1Libvorbis Apr 23, 2026 Sep 21, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169...Show more Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.Show less
CVE-2007-4065 1Xiph.org 1Libvorbis Apr 23, 2026 Sep 21, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.