lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
8.1 High
AI Score
Confidence
0.38 Low
EPSS
Percentile
97.2%