Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-45677
HistoryOct 21, 2023 - 12:15 a.m.

Integer overflow

2023-10-2100:15:00
PRIOn knowledge base
www.prio-n.com
5
integer overflow
stb_vorbis library
out of bounds write
code execution
nvd

0.001 Low

EPSS

Percentile

28.3%

JSON

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f->vendor[len] = (char)'\0';. The root cause is that if len read in start_decoder is a negative number and setup_malloc successfully allocates memory in that case, but memory write is done with a negative index len. Similarly if len is INT_MAX the integer overflow len+1 happens in f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1)); and f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));. This issue may lead to code execution.

CPENameOperatorVersion
stb_vorbis.ceq1.22

Related

debiancve 1
ubuntucve 1
cvelist 1
veracode 1
cve 1
nvd 1
freebsd 1
nessus 1
debiancve
debiancve
CVE-2023-45677
2023-10-21 00:15:09
ubuntucve
ubuntucve
CVE-2023-45677
2023-10-21 00:00:00
cvelist
cvelist
CVE-2023-45677 Heap buffer out of bounds write in start_decoder in stb_vorbis
2023-10-20 23:26:49
veracode
veracode
Out-of-Bounds Write
2023-10-24 10:40:37
cve
cve
CVE-2023-45677
2023-10-21 00:15:09
nvd
nvd
CVE-2023-45677
2023-10-21 00:15:09
freebsd
freebsd
sdl2_sound -- multiple vulnerabilities
2023-10-20 00:00:00
nessus
nessus
FreeBSD : sdl2_sound -- multiple vulnerabilities (304d92c3-00c5-11ef-bd52-080027bff743)
2024-04-24 00:00:00

0.001 Low

EPSS

Percentile

28.3%

JSON
Related for PRION:CVE-2023-45677
debiancve1ubuntucve1cvelist1veracode1cve1nvd1freebsd1nessus1