vulnerability

FreeBSD: VID-64ee858e-e035-4bb4-9c77-2468963dddb8 (CVE-2017-14633): libvorbis -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Mar 16, 2018	Mar 17, 2018	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Mar 16, 2018

Added

Mar 17, 2018

Modified

Dec 10, 2025

Description

NVD reports: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

Solution

freebsd-upgrade-package-libvorbis

References

CVE-2017-14633
https://attackerkb.com/topics/CVE-2017-14633
CWE-125

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today