Lucene search
PRIOn knowledge basePRION:CVE-2023-45682HistoryOct 21, 2023 - 12:15 a.m.
Out-of-bounds
2023-10-2100:15:00
PRIOn knowledge base
www.prio-n.com
5
library
crafted files
out-of-bounds read
memory leak
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODE_RAW a negative var is a valid value. This issue may be used to leak internal memory allocation information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| stb_vorbis.c | eq | 1.22 |
References
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c
securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
Related
nvd
nvd
CVE-2023-45682
2023-10-21 00:15:09
veracode
veracode
Out Of Bounds Read
2023-10-26 06:13:24
debiancve
debiancve
CVE-2023-45682
2023-10-21 00:15:09
cvelist
cvelist
CVE-2023-45682 Wild address read in vorbis_decode_packet_rest in stb_vorbis
2023-10-20 23:27:04
cve
cve
CVE-2023-45682
2023-10-21 00:15:09
ubuntucve
ubuntucve
CVE-2023-45682
2023-10-21 00:00:00
freebsd
freebsd
sdl2_sound -- multiple vulnerabilities
2023-10-20 00:00:00
nessus
nessus