Known Vulnerabilities for products from Xiph.org
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Xiph.org".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-20412 | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds check... | 6.5 - MEDIUM | 2020-12-26 | 2023-03-27 |
| CVE-2018-10393 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | 7.5 - HIGH | 2018-04-26 | 2021-11-30 |
| CVE-2018-10392 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote atta... | 8.8 - HIGH | 2018-04-26 | 2021-11-30 |
| CVE-2017-14633 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.... | 6.5 - MEDIUM | 2017-09-21 | 2020-12-07 |
| CVE-2017-14632 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_heade... | 9.8 - CRITICAL | 2017-09-21 | 2020-12-07 |
| CVE-2017-14160 | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (o... | 8.8 - HIGH | 2017-09-21 | 2021-11-30 |
| CVE-2017-11333 | The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of se... | 5.5 - MEDIUM | 2017-07-31 | 2019-10-03 |
| CVE-2008-2009 | Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to caus... | 4.3 - MEDIUM | 2008-05-16 | 2019-10-29 |
| CVE-2008-1423 | Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attac... | 9.3 - HIGH | 2008-05-16 | 2017-09-29 |
| CVE-2008-1420 | Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote a... | 6.8 - MEDIUM | 2008-05-16 | 2018-10-03 |
| CVE-2008-1419 | Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to... | 4.3 - MEDIUM | 2008-05-16 | 2017-09-29 |
| CVE-2007-4066 | Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service o... | 4.3 - MEDIUM | 2007-09-21 | 2017-09-29 |
| CVE-2007-4065 | lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of ... | 4.3 - MEDIUM | 2007-09-21 | 2017-09-29 |
Known software with vulnerabilities from Xiph.org
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Xiph.org | Libvorbis | 1.0 |