CVSS: 8.1EPSS: 13%CPEs: 3EXPL: 0CVE-2018-18820
https://notcve.org/view.php?id=CVE-2018-18820
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. Se ha descubierto un desbordamiento de búfer en el backend de autenticación de URL en Icecast en versiones anteriores a la 2.4.4. Si el backend está habilitado, cualquier cliente HTTP malicioso puede enviar una petición para ese recurso concreto incluyendo una cabecera manipulada, lo que conduce a una denegación de servicio y a la potencial ejecución remota de código. • http://www.openwall.com/lists/oss-security/2018/11/01/3 http://www.securitytracker.com/id/1042019 https://lists.debian.org/debian-lts-announce/2018/11/msg00033.html https://security.gentoo.org/glsa/201811-09 https://www.debian.org/security/2018/dsa-4333 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 1CVE-2018-10392 – libvorbis: heap buffer overflow in mapping0_forward function
https://notcve.org/view.php?id=CVE-2018-10392
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. mapping0_forward en mapping0.c en Xiph.Org libvorbis 1.3.6 no valida el número de canales, lo que permite que atacantes remotos provoquen una denegación de servicio (desbordamiento o sobrelectura de búfer basada en memoria dinámica o heap) o provocar cualquier otro tipo de problema mediante un archivo manipulado. A heap-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library. • https://access.redhat.com/errata/RHSA-2019:3703 https://gitlab.xiph.org/xiph/vorbis/issues/2335 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 https://access.redhat.com/security/cve/CVE-2018-10392 https://bugzilla.redhat.com/show_bug.cgi?id=1574193 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-10393 – libvorbis: stack buffer overflow in bark_noise_hybridmp function
https://notcve.org/view.php?id=CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. bark_noise_hybridmp en psy.c en Xiph.Org libvorbis 1.3.6 tiene una sobrelectura de búfer basada en pila. A stack-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library. • https://access.redhat.com/errata/RHSA-2019:3703 https://gitlab.xiph.org/xiph/vorbis/issues/2334 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 https://access.redhat.com/security/cve/CVE-2018-10393 https://bugzilla.redhat.com/show_bug.cgi?id=1574194 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14160
https://notcve.org/view.php?id=CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. La función bark_noise_hybridmp en psy.c en Xiph.Org libvorbis 1.3.5 permite que atacantes remotos provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado de aplicación) o, probablemente, provocar cualquier otro tipo de impacto mediante un archivo mp4 modificado. • http://openwall.com/lists/oss-security/2017/09/21/2 http://www.securityfocus.com/bid/101045 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-14633
https://notcve.org/view.php?id=CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). En Xiph.Org libvorbis 1.3.5, existe una vulnerabilidad de lectura de array fuera de límites en la función mapping0_forward() en mapping0.c, lo que puede provocar una denegación de servicio cuando se opera con un archivo de audio manipulado con vorbis_analysis(). • https://gitlab.xiph.org/xiph/vorbis/issues/2329 https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html https://lists.debian.org/debian-lts-announce/2019/12/msg00021.html https://usn.ubuntu.com/3569-1 https://www.debian.org/security/2018/dsa-4113 • CWE-125: Out-of-bounds Read •