VYPR

Stb Vorbis.c

by Nothings

CVEs (15)

  • CVE-2026-5317 | Med | Apr 2, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used…

  • CVE-2026-5316 | Med | Apr 2, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might…

  • CVE-2023-45682 | Oct 20, 2023
    risk 0.00 | cvss | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used…

  • CVE-2023-45681 | Oct 20, 2023
    risk 0.00 | cvss | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make…

  • CVE-2023-45680 | Oct 20, 2023
    risk 0.00 | cvss | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset.…

  • CVE-2023-45678 | Oct 20, 2023
    risk 0.00 | cvss | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue…

  • CVE-2023-45676 | Oct 20, 2023
    risk 0.00 | cvss | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz`…

  • CVE-2023-45675 | Oct 20, 2023
    risk 0.00 | cvss | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to…

  • CVE-2019-13222 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.01

    An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

  • CVE-2019-13221 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.01

    A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

  • CVE-2019-13218 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.01

    Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

  • CVE-2019-13220 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.01

    Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

  • CVE-2019-13219 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.01

    A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

  • CVE-2019-13223 | Aug 15, 2019
    risk 0.00 | cvss | epss 0.01

    A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

  • CVE-2018-1000050 | Hig | Feb 9, 2018
    risk 0.00 | cvss 8.8 | epss 0.02

    Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths that can result in memory corruption, denial of service, comprised execution of host program. This attack appears to be exploitable via Victim must open a…