Bug 1480645 (CVE-2017-11735)

Summary: CVE-2017-11735 libvorbis: NULL pointer dereference in vorbis_block_clear function in lib/block.c
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: ajax, erik-fedora, hdegoede, klember, tuxator
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
[REJECTED CVE] A vulnerability was identified in the mp3splt package where an uninitialized structure with garbage values could be passed to libvorbis after an error was triggered on a malformed file. An attacker could exploit this by crafting a specially designed audio file that causes the application to crash instead of exiting cleanly. This issue was determined to have minimal security impact and the CVE has been rejected by MITRE.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:20:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1480648, 1480649, 1480650    
Bug Blocks:    

Description Pedro Sampaio 2017-08-11 14:54:00 UTC 
A flaw was found in libvorbis 1.3.5. The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis 1.3.5 can cause a denial of service(NULL pointer 
dereference and application crash) via a crafted ogg file.

References:

http://seclists.org/fulldisclosure/2017/Jul/82
Comment 1 Pedro Sampaio 2017-08-11 14:58:23 UTC 
Created libvorbis tracking bugs for this issue:

Affects: fedora-all [bug 1480650]


Created mingw-libvorbis tracking bugs for this issue:

Affects: epel-7 [bug 1480649]
Affects: fedora-all [bug 1480648]