Wind River Support Network

HomeDefectsLIN9-6768

Fixed

LIN9-6768 : Security Advisory - libvorbis - CVE-2018-10392

Created: May 1, 2018 Updated: Dec 3, 2018

Resolved Date: Jun 13, 2018

Found In Version: 9.0.0.15

Fix Version: 9.0.0.17

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

https://nvd.nist.gov/vuln/detail/CVE-2018-10392

Other Downloads

Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2018-10392