View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-10392 severity moderate: SUSE including 305 source package names (0.3.2-1.2:libvorbis0-1.3.6-4.3.1, 0.3.2-1.2:libvorbisenc2-1.3.6-4.3.1, …), 487 product×package rows across 74 product lines (Container containers/lmcache-vllm-openai, Container containers/milvus, … (74 product lines)): Fixed 256, Known Affected 231.
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.