A flaw was found in libvorbis 1.3.6. The mapping0_forward function in the mapping0.c file in Xiph.Org does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) via a crafted file.
References: https://gitlab.xiph.org/xiph/vorbis/issues/2335
Created libvorbis tracking bugs for this issue:
  Affects: fedora-all [bug 1574199]
Created mingw-libvorbis tracking bugs for this issue:
  Affects: epel-7 [bug 1574198]
  Affects: fedora-all [bug 1574200]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
  Via RHSA-2019:3703 https://access.redhat.com/errata/RHSA-2019:3703
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-10392