VYPR
Unrated severityNVD Advisory· Published Oct 20, 2023· Updated Sep 11, 2024

Null pointer dereference in vorbis_deinit in stb_vorbis

CVE-2023-45680

Description

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to dereference the NULL pointer. This issue may lead to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.