vulnerability

Amazon Linux AMI: CVE-2018-5146: Security patch for libvorbis (ALAS-2018-981)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Mar 29, 2018	Mar 2, 2020	Oct 14, 2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Mar 29, 2018

Added

Mar 2, 2020

Modified

Oct 14, 2022

Description

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Solution

amazon-linux-upgrade-libvorbis

References

AMAZON-ALAS-2018-981
UBUNTU-USN-3545-1
UBUNTU-USN-3599-1
UBUNTU-USN-3604-1
NVD-CVE-2018-5146

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report