1
PublicDateAtUSN: 2017-09-21
2
Candidate: CVE-2017-14632
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
6
https://usn.ubuntu.com/usn/usn-3569-1
8
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
9
uninitialized memory in the function vorbis_analysis_headerout() in info.c
10
when vi->channels<=0, a similar issue to Mozilla bug 550184.
14
https://gitlab.xiph.org/xiph/vorbis/issues/2328
15
https://github.com/xiph/vorbis/issues/29
16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876779
17
https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/1756516
23
upstream_libvorbis: released (1.3.5-4.1)
24
precise/esm_libvorbis: DNE
25
trusty_libvorbis: released (1.3.2-1.3ubuntu1.1)
26
vivid/ubuntu-core_libvorbis: DNE
27
xenial_libvorbis: released (1.3.5-3ubuntu0.1)
28
zesty_libvorbis: ignored (reached end-of-life)
29
artful_libvorbis: released (1.3.5-4ubuntu0.1)
30
devel_libvorbis: not-affected (1.3.5-4.1)