Vulnerability Details : CVE-2017-14632

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

Vulnerability category: OverflowExecute code

Published 2017-09-21 07:29:00

Updated 2020-12-07 20:26:22

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-14632

Probability of exploitation activity in the next 30 days: 3.64%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-14632

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-14632

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-14632

https://gitlab.xiph.org/xiph/vorbis/issues/2328

(CVE-2017-14632)call oggpack_writeclear() with uninitialized stack var opb in function vorbis_analysis_headerout() when vi->channels<=0 in libvorbis 1.3.5 (#2328) · Issues · Xiph.Org / Vorbis · GitLab
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html

[SECURITY] [DLA 1368-1] libvorbis security update
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4113

Debian -- Security Information -- DSA-4113-1 libvorbis
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3569-1/

USN-3569-1: libvorbis vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2017-14632

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Matching versions
Xiph.org » Libvorbis » Version: 1.3.5
cpe:2.3:a:xiph.org:libvorbis:1.3.5:*:*:*:*:*:*:*
Matching versions