Skip to content
Permalink
Browse files

Pwn2Own 2018 chemspill

Advisory for Pwn2Own vorbis bugs
  • Loading branch information...
Daniel Veditz Daniel Veditz
Daniel Veditz authored and Daniel Veditz committed Mar 16, 2018
1 parent a90b2b9 commit a105d00a1627b6716373df0505279c23a33a8cbb
Showing with 24 additions and 0 deletions.
  1. +24 −0 announce/2018/mfsa2018-08.yml
@@ -0,0 +1,24 @@
## mfsa2018-08.yml
announced: March 16, 2018
impact: critical
fixed_in:
- Firefox 59.0.1
- Firefox ESR 52.7.2
title: Out of bounds memory write while processing Vorbis audio data
advisories:
CVE-2018-5146:
title: Out of bounds memory write in libvorbis
impact: critical
reporter: Richard Zhu via Trend Micro's Zero Day Initiative
description: |
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
bugs:
- url: 1446062
CVE-2018-5147:
title: Out of bounds memory write in libtremor
impact: critical
reporter: Huzaifa Sidhpurwala
description: |
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.
bugs:
- url: 1446365

0 comments on commit a105d00

Please sign in to comment.
You can’t perform that action at this time.