Recent Releases

1.3.704 Jul 2020 18:45 minor bugfix: CVE-2018-10393 - out-of-bounds read encoding very low sample rates. CVE-2017-14160 - out-of-bounds read encoding very low sample rates. Handling invalid bytes per sample arguments. Handling invalid channel count arguments. Invalid free on seek failure. Negative shift reading blocksize. Accepting unreasonable float32 values. Tag comparison depending on locale. Unnecessarily linking libm. Memory leak in test_sharedbook. Update Visual Studio projects for ogg library filename change. Distribute CMake build files with the source package. Remove unnecessary configure --target switch. Add gitlab CI support. Add OSS-Fuzz support. Build system and integration updates.
1.3.603 Oct 2019 05:57 security: Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. Fix CVE-2017-14632 - free() on unitialized data Fix CVE-2017-14633 - out-of-bounds read Fix bitrate metadata parsing. Fix out-of-bounds read in codebook parsing. Fix residue vector size in Vorbis I spec. Appveyor support Travis CI support Add secondary CMake build system. Build system fixes
1.3.510 Mar 2015 03:25 minor bugfix: Tolerate single-entry codebooks. Fix decoder crash with invalid input. Fix encoder crash with non-positive sample rates. Fix issues in vorbisfile's seek bisection code. Spec errata. Reject multiple headers of the same type. Various build fixes and code cleanup.