Heap-based Buffer Overflow in libvorbis 1.3.6

Heap-based Buffer Overflow in libvorbis 1.3.6

CVE-2018-10392 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Learn more about our Web Application Penetration Testing UK.