Mozilla Foundation Security Advisory 2018-08
Out of bounds memory write while processing Vorbis audio data
- Announced
- March 16, 2018
- Impact
- critical
- Products
- Firefox, Firefox ESR
- Fixed in
-
- Firefox 59.0.1
- Firefox ESR 52.7.2
#CVE-2018-5146: Out of bounds memory write in libvorbis
- Reporter
- Richard Zhu via Trend Micro's Zero Day Initiative
- Impact
- critical
Description
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
References
#CVE-2018-5147: Out of bounds memory write in libtremor
- Reporter
- Huzaifa Sidhpurwala
- Impact
- critical
Description
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.