Bug 1091070 (CVE-2018-10392)

Summary: VUL-0: CVE-2018-10392: libvorbis: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or p
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: jsegitz, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/204942/
Whiteboard: CVSSv3:SUSE:CVE-2018-10392:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2018-10392:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv2:NVD:CVE-2018-10392:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2018-10392:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2018-04-26 12:37:07 UTC
CVE-2018-10392

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the
number of channels, which allows remote attackers to cause a denial of service
(heap-based buffer overflow or over-read) or possibly have unspecified other
impact via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10392
https://gitlab.xiph.org/xiph/vorbis/issues/2335
Comment 2 Takashi Iwai 2018-06-05 08:15:01 UTC
Why is this a security issue at all...?
Comment 4 Takashi Iwai 2018-06-05 10:48:15 UTC
Backported to all relevant branches anyway.
Comment 6 Swamp Workflow Management 2018-06-06 11:28:40 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages by 2018-06-20.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64048
Comment 7 Swamp Workflow Management 2018-06-06 13:08:30 UTC
SUSE-SU-2018:1563-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1091070
CVE References: CVE-2018-10392
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libvorbis-1.2.0-79.20.14.1
SUSE Linux Enterprise Server 11-SP4 (src):    libvorbis-1.2.0-79.20.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libvorbis-1.2.0-79.20.14.1
Comment 8 Swamp Workflow Management 2018-06-07 13:08:02 UTC
SUSE-SU-2018:1565-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1091070
CVE References: CVE-2018-10392
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libvorbis-1.3.3-10.14.1
SUSE Linux Enterprise Server 12-SP3 (src):    libvorbis-1.3.3-10.14.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libvorbis-1.3.3-10.14.1
Comment 9 Swamp Workflow Management 2018-06-09 13:08:36 UTC
openSUSE-SU-2018:1622-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1091070
CVE References: CVE-2018-10392
Sources used:
openSUSE Leap 42.3 (src):    libvorbis-1.3.3-17.1
Comment 10 Swamp Workflow Management 2018-07-05 10:14:26 UTC
SUSE-SU-2018:1885-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1091070
CVE References: CVE-2018-10392
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    libvorbis-1.3.6-4.3.1
Comment 11 Swamp Workflow Management 2018-07-13 22:08:07 UTC
openSUSE-SU-2018:1953-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1091070
CVE References: CVE-2018-10392
Sources used:
openSUSE Leap 15.0 (src):    libvorbis-1.3.6-lp150.3.3.1, libvorbis-doc-1.3.6-lp150.3.3.1
Comment 12 Marcus Meissner 2018-09-10 13:46:42 UTC
released