VDB

CVE-2023-45675

CVE-2023-45675 PUBLISHED CVSS 6.5 MEDIUM

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.

EPSS 0.09% · 25.0th percentile

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score
0.09%
25.0th percentile

Affected Products

VendorProductVersions
nothingsstb0, 0
nothingsstb<= 1.22, <= 1.22
nothingsstb_vorbis.c1.22, 1.22, 1.22

Timeline

  • Oct 20, 2023 CVE Published
  • Oct 21, 2023 EPSS Score
  • Nov 21, 2023 EPSS Score
  • Dec 22, 2023 EPSS Score
  • Jan 22, 2024 EPSS Score
  • Feb 22, 2024 EPSS Score
  • Mar 24, 2024 EPSS Score
  • Apr 24, 2024 EPSS Score
  • May 25, 2024 EPSS Score
  • Jul 26, 2024 EPSS Score
  • Aug 26, 2024 EPSS Score
  • Sep 26, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›