VYPR
Unrated severity · NVD Advisory · Published Oct 20, 2023 · Updated Sep 12, 2024

Wild address read in vorbis_decode_packet_rest in stb_vorbis

CVE-2023-45682

Description

stb_vorbis is a single-file, MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds read in the DECODE macro when var is negative. As can be seen in the definition of DECODE_RAW, a negative var is a valid value. This issue may be used to leak internal memory allocation information.

Affected products

1

Patches

0

No patches discovered yet.

References

4
