Main Vulnerability Database SB2018100608

SB2018100608 - Stack-based buffer over-read in libvorbis (Alpine package)

Published: October 6, 2018

Security Bulletin ID SB2018100608

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Stack-based buffer over-read (CVE-ID: CVE-2018-10393)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in bark_noise_hybridmp in psy.c due to stack-based buffer over-read. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and cause the service to crash.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=7949785cc3641c3b10d47094891a572dc812c908
https://git.alpinelinux.org/aports/commit/?id=7ef3db11e4782e5befdfc5296254950cebc733a8
https://git.alpinelinux.org/aports/commit/?id=8b809c16866f5bb6d9311592183287272d380d83
https://git.alpinelinux.org/aports/commit/?id=236e230cd6246358743fd908f865e00da82d8eba
https://git.alpinelinux.org/aports/commit/?id=3174b496eac648ebf2f7b51b36b04461222d996b
https://git.alpinelinux.org/aports/commit/?id=5c3a29b4196039bf3682e700f57695606a6316af
https://git.alpinelinux.org/aports/commit/?id=8b92b92a3056069f49dc044edcd191c4c2a621f4
https://git.alpinelinux.org/aports/commit/?id=e84bee49c9db64d24fbd1c591d6a9a41a70a2e4b