Vulnerabilities > CVE-2017-11333 - NULL Pointer Dereference vulnerability in Xiph.Org Libvorbis 1.3.5

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
xiph-org
CWE-476
nessus
exploit available

Summary

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

Vulnerable Configurations

Part Description Count
Application
Xiph.Org
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionlibvorbis 1.3.5 - Multiple Vulnerabilities. CVE-2017-11333,CVE-2017-11735. Dos exploit for Linux platform. Tags: Denial of Service (DoS)
fileexploits/linux/dos/42399.txt
idEDB-ID:42399
last seen2017-07-31
modified2017-07-31
platformlinux
port
published2017-07-31
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42399/
titlelibvorbis 1.3.5 - Multiple Vulnerabilities
typedos

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-2E385F97E2.NASL
    descriptionMinGW cross compiled libvorbis 1.3.6 + various patches backported from git. This is a security fix for: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 CVE-2018-10392 CVE-2018-10393 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id121318
    published2019-01-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121318
    titleFedora 29 : mingw-libvorbis (2019-2e385f97e2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-2e385f97e2.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121318);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/23 11:21:10");
    
      script_cve_id("CVE-2017-11333", "CVE-2017-11735", "CVE-2017-14160", "CVE-2017-14632", "CVE-2017-14633", "CVE-2018-10392", "CVE-2018-10393", "CVE-2018-5146");
      script_xref(name:"FEDORA", value:"2019-2e385f97e2");
    
      script_name(english:"Fedora 29 : mingw-libvorbis (2019-2e385f97e2)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "MinGW cross compiled libvorbis 1.3.6 + various patches backported from
    git.
    
    This is a security fix for: CVE-2017-11333 CVE-2017-11735
    CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146
    CVE-2018-10392 CVE-2018-10393
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2e385f97e2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-libvorbis package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-libvorbis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"mingw-libvorbis-1.3.6-2.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-libvorbis");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-0259281AB6.NASL
    descriptionSync with git (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393, bz#1516379) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120203
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120203
    titleFedora 28 : 1:libvorbis (2018-0259281ab6)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-0259281ab6.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120203);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-11333", "CVE-2017-14160", "CVE-2018-10392", "CVE-2018-10393");
      script_xref(name:"FEDORA", value:"2018-0259281ab6");
    
      script_name(english:"Fedora 28 : 1:libvorbis (2018-0259281ab6)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sync with git (CVE-2017-14160, CVE-2018-10392, CVE-2018-10393,
    bz#1516379)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0259281ab6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:libvorbis package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:libvorbis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"libvorbis-1.3.6-3.fc28", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:libvorbis");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1368.NASL
    descriptionSerious vulnerabilities were found in the libvorbis library, commonly used to encode and decode audio in OGG containers. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). 2017-14632 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. 2017-11333 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. 2018-5146 out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code. For Debian 7
    last seen2020-03-17
    modified2018-04-30
    plugin id109409
    published2018-04-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109409
    titleDebian DLA-1368-1 : libvorbis security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1368-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109409);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-11333", "CVE-2017-14632", "CVE-2017-14633", "CVE-2018-5146");
    
      script_name(english:"Debian DLA-1368-1 : libvorbis security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Serious vulnerabilities were found in the libvorbis library, commonly
    used to encode and decode audio in OGG containers.
    
    2017-14633
    
    In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
    exists in the function mapping0_forward() in mapping0.c, which may
    lead to DoS when operating on a crafted audio file with
    vorbis_analysis().
    
    2017-14632
    
    Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
    uninitialized memory in the function vorbis_analysis_headerout() in
    info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
    
    2017-11333
    
    The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
    libvorbis 1.3.5 allows remote attackers to cause a denial of service
    (OOM) via a crafted wav file.
    
    2018-5146
    
    out-of-bounds memory write in the codeboook parsing code of the
    Libvorbis multimedia library could result in the execution of
    arbitrary code.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    1.3.2-1.3+deb7u1.
    
    We recommend that you upgrade your libvorbis packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/libvorbis"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis0a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbisenc2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbisfile3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libvorbis-dbg", reference:"1.3.2-1.3+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libvorbis-dev", reference:"1.3.2-1.3+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libvorbis0a", reference:"1.3.2-1.3+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libvorbisenc2", reference:"1.3.2-1.3+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libvorbisfile3", reference:"1.3.2-1.3+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2039.NASL
    descriptionTwo issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). 2017-11333 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id132106
    published2019-12-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132106
    titleDebian DLA-2039-1 : libvorbis security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2039-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132106);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/20");
    
      script_cve_id("CVE-2017-11333", "CVE-2017-14633");
    
      script_name(english:"Debian DLA-2039-1 : libvorbis security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two issues have been found in libvorbis, a decoder library for Vorbis
    General Audio Compression Codec.
    
    2017-14633
    
    In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
    exists in the function mapping0_forward() in mapping0.c, which may
    lead to DoS when operating on a crafted audio file with
    vorbis_analysis().
    
    2017-11333
    
    The vorbis_analysis_wrote function in lib/block.c in Xiph.Org
    libvorbis 1.3.5 allows remote attackers to cause a denial of service
    (OOM) via a crafted wav file.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    1.3.4-2+deb8u3.
    
    We recommend that you upgrade your libvorbis packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/libvorbis"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis0a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbisenc2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbisfile3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libvorbis-dbg", reference:"1.3.4-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libvorbis-dev", reference:"1.3.4-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libvorbis0a", reference:"1.3.4-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libvorbisenc2", reference:"1.3.4-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libvorbisfile3", reference:"1.3.4-2+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");