suse · CVE-2018-10392

Quick triage

Priority: medium Published: 2021-05-30 14:12:40 UTC Updated: 2026-04-17 15:27:39 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-10392 severity moderate: SUSE including 305 source package names (0.3.2-1.2:libvorbis0-1.3.6-4.3.1, 0.3.2-1.2:libvorbisenc2-1.3.6-4.3.1, …), 487 product×package rows across 74 product lines (Container containers/lmcache-vllm-openai, Container containers/milvus, … (74 product lines)): Fixed 256, Known Affected 231.

Description:

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

cvelogic Threat Intelligence