A flaw was found in libvorbis 1.3.6. The bark_noise_hybridmp function in the psy.c file in Xiph.Org has a stack-based buffer over-read, which allows remote attackers to cause a denial of service via a crafted file.
References: https://gitlab.xiph.org/xiph/vorbis/issues/2334
Created libvorbis tracking bugs for this issue:
Affects: fedora-all [bug 1574199]
Created mingw-libvorbis tracking bugs for this issue:
Affects: epel-7 [bug 1574198]
Affects: fedora-all [bug 1574200]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:3703 https://access.redhat.com/errata/RHSA-2019:3703
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-10393