mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbis-dbg" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbis-dev" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbis-dev-dbgsym" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbis0a" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbis0a-dbgsym" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbisenc2" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbisenc2-dbgsym" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbisfile3" }, { "binary_version": "1.3.5-3ubuntu0.2+esm1", "binary_name": "libvorbisfile3-dbgsym" } ] }