VYPR
Unrated severity · NVD Advisory · Published Oct 20, 2023 · Updated Sep 12, 2024

Wild address read in vorbis_decode_packet_rest in stb_vorbis

CVE-2023-45682

Description

stb_vorbis is a single-file, MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds read in the DECODE macro when var is negative. As can be seen in the definition of DECODE_RAW, a negative var is a valid value. This issue may be used to leak internal memory allocation information.
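
A defensive sketch of the pattern the description points at, added here as an example and not taken from stb_vorbis or its patch: a decoded symbol that may be negative has to be range-checked before it is used as a table index. The struct, function names and sample table are hypothetical and constructed for illustration, and the sketch assumes the decoded value indexes a remap table.

```c
#include <stddef.h>

/* Simplified model, NOT stb_vorbis source; every name here is hypothetical. */
#define SYM_INVALID (-1)  /* sentinel a raw decode step may yield on bad input */

typedef struct {
    int        sparse;         /* nonzero: symbols are remapped through a table */
    int        entries;        /* number of elements in sorted_values */
    const int *sorted_values;  /* remap table, valid indices 0..entries-1 */
} codebook_model;

/* Constructed sample data (values are non-negative by construction). */
static const int sample_table[4] = {10, 20, 30, 40};
static const codebook_model sample_cb = {1, 4, sample_table};

/* Unchecked pattern: trusts var as an index. With var == -1 it would read
 * sorted_values[-1], memory that sits before the table. Shown for contrast. */
static int remap_unchecked(const codebook_model *c, int var)
{
    if (c->sparse) var = c->sorted_values[var];
    return var;
}

/* Hardened pattern: reject the sentinel and any out-of-range symbol first. */
static int remap_checked(const codebook_model *c, int var)
{
    if (var < 0 || var >= c->entries) return SYM_INVALID;
    return c->sparse ? c->sorted_values[var] : var;
}

/* Remap n raw symbols; stop and report failure at the first invalid one
 * so the caller never consumes a value derived from a bad index. */
static int decode_all(const codebook_model *c, const int *raw, size_t n, int *out)
{
    for (size_t i = 0; i < n; i++) {
        int v = remap_checked(c, raw[i]);
        if (v == SYM_INVALID) return -1;
        out[i] = v;
    }
    return (int)n;
}

int main(void)
{
    const int raw[3] = {0, SYM_INVALID, 1};  /* constructed: 2nd symbol failed */
    int out[3];
    return decode_all(&sample_cb, raw, 3, out) == -1 ? 0 : 1;
}
```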

Affected products

4

References

4
