CVE-2019-13220 — Vulnetix

CVE-2019-13220 REJECTED

Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

EPSS 0.16% · 36.6th percentile

Risk Scores

EPSS Score

0.16%

36.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	libstb	0

Exploit Intelligence

http://nothings.org/stb_vorbis/ (circl)
https://github.com/nothings/stb/commits/master/stb_vorbis.c (circl)
https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 (circl)
[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update (circl)

Timeline

Aug 15, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2019-13220 third-party-advisory
https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-13220 third-party-advisory

Open in Interactive Console →