Vulnerabilities > CVE-2017-14633 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
xiph-org
debian
canonical
CWE-125
nessus

Summary

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0016-1.NASL
    descriptionThis update for libvorbis fixes the following issues : - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105578
    published2018-01-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105578
    titleSUSE SLES11 Security Update : libvorbis (SUSE-SU-2018:0016-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0016-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105578);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/10 13:51:46");
    
      script_cve_id("CVE-2017-14632", "CVE-2017-14633");
    
      script_name(english:"SUSE SLES11 Security Update : libvorbis (SUSE-SU-2018:0016-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libvorbis fixes the following issues :
    
      - CVE-2017-14633: out-of-bounds array read vulnerability
        exists in function mapping0_forward() could lead to
        remote denial of service (bsc#1059811)
    
      - CVE-2017-14632: Remote Code Execution upon freeing
        uninitialized memory in function
        vorbis_analysis_headerout(bsc#1059809)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14632/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14633/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180016-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?23afebec"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-libvorbis-13392=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-libvorbis-13392=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-libvorbis-13392=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvorbis");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvorbis-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libvorbis-32bit-1.2.0-79.20.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libvorbis-32bit-1.2.0-79.20.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libvorbis-1.2.0-79.20.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libvorbis-doc-1.2.0-79.20.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvorbis");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3569-1.NASL
    descriptionIt was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. (CVE-2017-14632) It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. (CVE-2017-14633). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106816
    published2018-02-14
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106816
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : libvorbis vulnerabilities (USN-3569-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3569-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106816);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2017-14632", "CVE-2017-14633");
      script_xref(name:"USN", value:"3569-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvorbis vulnerabilities (USN-3569-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that libvorbis incorrectly handled certain sound
    files. An attacker could possibly use this to execute arbitrary code.
    (CVE-2017-14632)
    
    It was discovered that libvorbis incorrectly handled certain sound
    files. An attacker could use this to cause a denial of service.
    (CVE-2017-14633).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3569-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libvorbis0a package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvorbis0a");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libvorbis0a", pkgver:"1.3.2-1.3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libvorbis0a", pkgver:"1.3.5-3ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libvorbis0a", pkgver:"1.3.5-4ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvorbis0a");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4113.NASL
    descriptionTwo vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id106852
    published2018-02-16
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106852
    titleDebian DSA-4113-1 : libvorbis - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4113. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106852);
      script_version("3.3");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2017-14632", "CVE-2017-14633");
      script_xref(name:"DSA", value:"4113");
    
      script_name(english:"Debian DSA-4113-1 : libvorbis - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in the libraries of the Vorbis
    audio compression codec, which could result in denial of service or
    the execution of arbitrary code if a malformed media file is
    processed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/libvorbis"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/libvorbis"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4113"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libvorbis packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 1.3.5-4+deb9u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvorbis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"libvorbis-dbg", reference:"1.3.5-4+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libvorbis-dev", reference:"1.3.5-4+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libvorbis0a", reference:"1.3.5-4+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libvorbisenc2", reference:"1.3.5-4+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libvorbisfile3", reference:"1.3.5-4+deb9u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1247.NASL
    descriptionAccording to the versions of the libvorbis package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An invalid free flaw was found in the way libvorbis handled processing of Ogg Vorbis format files. This flaw could potentially be used to crash an application using libvorbis by tricking the application into processing specially crafted files.(CVE-2017-14632) - An out-of-bounds read flaw was found in the way libvorbis handled processing of Ogg Vorbis format files. This flaw could potentially be used to crash an application using libvorbis by tricking the application into processing specially crafted files.(CVE-2017-14633) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134536
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134536
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libvorbis (EulerOS-SA-2020-1247)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134536);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2017-14632",
        "CVE-2017-14633"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : libvorbis (EulerOS-SA-2020-1247)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libvorbis package installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - An invalid free flaw was found in the way libvorbis
        handled processing of Ogg Vorbis format files. This
        flaw could potentially be used to crash an application
        using libvorbis by tricking the application into
        processing specially crafted files.(CVE-2017-14632)
    
      - An out-of-bounds read flaw was found in the way
        libvorbis handled processing of Ogg Vorbis format
        files. This flaw could potentially be used to crash an
        application using libvorbis by tricking the application
        into processing specially crafted
        files.(CVE-2017-14633)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1247
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5d220f4e");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libvorbis packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvorbis");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["libvorbis-1.3.3-8.h5"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvorbis");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_64EE858EE0354BB49C772468963DDDB8.NASL
    descriptionNVD reports : Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
    last seen2020-06-01
    modified2020-06-02
    plugin id108429
    published2018-03-19
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108429
    titleFreeBSD : libvorbis -- multiple vulnerabilities (64ee858e-e035-4bb4-9c77-2468963dddb8)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-15.NASL
    descriptionThis update for libvorbis fixes the following issues : - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-01-10
    plugin id105715
    published2018-01-10
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105715
    titleopenSUSE Security Update : libvorbis (openSUSE-2018-15)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-076-01.NASL
    descriptionNew libvorbis packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108413
    published2018-03-19
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/108413
    titleSlackware 13.37 / 14.0 / 14.1 / 14.2 / current : libvorbis (SSA:2018-076-01)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2622.NASL
    descriptionAccording to the version of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().(CVE-2017-14633) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132157
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132157
    titleEulerOS 2.0 SP3 : libvorbis (EulerOS-SA-2019-2622)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-2E385F97E2.NASL
    descriptionMinGW cross compiled libvorbis 1.3.6 + various patches backported from git. This is a security fix for: CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-5146 CVE-2018-10392 CVE-2018-10393 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id121318
    published2019-01-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121318
    titleFedora 29 : mingw-libvorbis (2019-2e385f97e2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2502.NASL
    descriptionAccording to the versions of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().(CVE-2017-14633) - Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.(CVE-2017-14632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131655
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131655
    titleEulerOS 2.0 SP2 : libvorbis (EulerOS-SA-2019-2502)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1368.NASL
    descriptionSerious vulnerabilities were found in the libvorbis library, commonly used to encode and decode audio in OGG containers. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). 2017-14632 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. 2017-11333 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. 2018-5146 out-of-bounds memory write in the codeboook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code. For Debian 7
    last seen2020-03-17
    modified2018-04-30
    plugin id109409
    published2018-04-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109409
    titleDebian DLA-1368-1 : libvorbis security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2039.NASL
    descriptionTwo issues have been found in libvorbis, a decoder library for Vorbis General Audio Compression Codec. 2017-14633 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). 2017-11333 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id132106
    published2019-12-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132106
    titleDebian DLA-2039-1 : libvorbis security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0015-1.NASL
    descriptionThis update for libvorbis fixes the following issues : - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105577
    published2018-01-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105577
    titleSUSE SLED12 / SLES12 Security Update : libvorbis (SUSE-SU-2018:0015-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1977.NASL
    descriptionAccording to the versions of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read flaw was found in the way libvorbis handled processing of Ogg Vorbis format files. This flaw could potentially be used to crash an application using libvorbis by tricking the application into processing specially crafted files.(CVE-2017-14633) - An invalid free flaw was found in the way libvorbis handled processing of Ogg Vorbis format files. This flaw could potentially be used to crash an application using libvorbis by tricking the application into processing specially crafted files.(CVE-2017-14632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-23
    plugin id129134
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129134
    titleEulerOS 2.0 SP5 : libvorbis (EulerOS-SA-2019-1977)