Security update for libvorbis
This update for libvorbis fixes the following issues:
The following security issue was fixed:
- Fixed the validation of channels in mapping0_forward(), which previously
allowed remote attackers to cause a denial of service via specially crafted
files (CVE-2018-10392, bsc#1091070)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Takashi Iwai (tiwai)
Fixed bugs
bnc#1091070
VUL-0: CVE-2018-10392: libvorbis: mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate thenumber of channels, which allows remote attackers to cause a denial of service(heap-based buffer overflow or over-read) or p
