1
PublicDateAtUSN: 2018-03-16
2
Candidate: CVE-2018-5146
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
6
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
7
https://usn.ubuntu.com/usn/usn-3599-1
8
https://usn.ubuntu.com/usn/usn-3604-1
9
https://usn.ubuntu.com/usn/usn-3545-1
11
An out of bounds memory write while processing Vorbis audio data was
12
reported through the Pwn2Own contest. This vulnerability affects Firefox <
13
59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
17
https://bugs.launchpad.net/ubuntu/+source/libvorbis/+bug/1756516
19
Discovered-by: Richard Zhu
23
upstream_firefox: released (59.0.1)
24
precise/esm_firefox: DNE
25
trusty_firefox: released (59.0.1+build1-0ubuntu0.14.04.1)
26
xenial_firefox: released (59.0.1+build1-0ubuntu0.16.04.1)
27
artful_firefox: released (59.0.1+build1-0ubuntu0.17.10.1)
28
bionic_firefox: not-affected
29
devel_firefox: not-affected
32
upstream_thunderbird: released (52.7.0)
33
precise/esm_thunderbird: DNE
34
trusty_thunderbird: released (1:52.7.0+build1-0ubuntu0.14.04.1)
35
xenial_thunderbird: released (1:52.7.0+build1-0ubuntu0.16.04.1)
36
artful_thunderbird: released (1:52.7.0+build1-0ubuntu0.17.10.1)
37
bionic_thunderbird: released (1:52.7.0+build1-0ubuntu1)
38
devel_thunderbird: released (1:52.7.0+build1-0ubuntu1)
41
upstream_firefox-esr: released (52.7.2)
42
precise/esm_firefox-esr: DNE
43
trusty_firefox-esr: DNE
44
xenial_firefox-esr: DNE
45
artful_firefox-esr: DNE
46
bionic_firefox-esr: DNE
47
devel_firefox-esr: DNE
50
upstream: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
51
upstream_libvorbis: needs-triage
52
precise/esm_libvorbis: DNE
53
trusty_libvorbis: released (1.3.2-1.3ubuntu1.2)
54
xenial_libvorbis: released (1.3.5-3ubuntu0.2)
55
artful_libvorbis: released (1.3.5-4ubuntu0.2)
56
bionic_libvorbis: not-affected (1.3.5-4.2)
57
devel_libvorbis: not-affected (1.3.5-4.2)