Vulnerabilities > Xiph ORG > Libvorbis > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-26 | CVE-2020-20412 | Improper Validation of Array Index vulnerability in multiple products lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. | 6.5 |
| 2017-09-21 | CVE-2017-14633 | Out-of-bounds Read vulnerability in multiple products In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | 6.5 |
| 2017-07-31 | CVE-2017-11333 | NULL Pointer Dereference vulnerability in Xiph.Org Libvorbis 1.3.5 The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | 5.5 |