VYPR
Unrated severityNVD Advisory· Published Oct 20, 2023· Updated Sep 12, 2024

Off-by-one heap buffer write in start_decoder in stb_vorbis

CVE-2023-45678

Description

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.