Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3960 to the following vulnerability: Name: CVE-2011-3960 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3960 Assigned: 20111001 Reference: CONFIRM:http://code.google.com/p/chromium/issues/detail?id=108416 Reference: CONFIRM:http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Patch: https://trac.xiph.org/changeset/18183 https://trac.xiph.org/changeset/18184
(In reply to comment #1) > Patch: > https://trac.xiph.org/changeset/18183 > https://trac.xiph.org/changeset/18184 The above commits are not actually specific to the chrome security flaw fix. The guarding which has been added to prevent the overflow is already present in libvorbis.
Statement: Not vulnerable. This issue did not affect the versions of libvorbis as shipped with Red Hat Enterprise Linux 4, 5, and 6.
This issue does not affect the version of libvorbis as shipped with Fedora 15 and Fedora 16
(In reply to comment #2) > (In reply to comment #1) > > Patch: > > https://trac.xiph.org/changeset/18183 > > https://trac.xiph.org/changeset/18184 > > The above commits are not actually specific to the chrome security flaw fix. > The guarding which has been added to prevent the overflow is already present in > libvorbis. Just to clarify the above comment, the flaw does not affect libvorbis, because the relevant vulnerable code segment is not present in libvorbis.