CVE-2018-10392

Description

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

8.8

Severity

High

Ecosystem

RPM

Publish Date

April 26, 2018

Modified Date

April 16, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Versions