Vulnerabilities > Xiph ORG > Libvorbis > 1.3.6

DATE CVE VULNERABILITY TITLE RISK
2018-04-26 CVE-2018-10393 Out-of-bounds Read vulnerability in multiple products
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
network
low complexity
xiph-org debian redhat CWE-125
5.0
2018-04-26 CVE-2018-10392 Out-of-bounds Write vulnerability in multiple products
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
6.8