Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:44 a.m.11 views

CVE-2023-45676

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...

7.8CVSS7.4AI score0.00518EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.3 views

CVE-2023-45681

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

7.8CVSS7.4AI score0.00518EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-45681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in...

7.8CVSS7.4AI score0.00518EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is...

7.1CVSS6.6AI score0.0056EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-45677

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The...

7.8CVSS7.2AI score0.00536EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45676

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf...

7.8CVSS7.1AI score0.00518EPSS
Exploits0References3
Mageia
Mageia
added 2024/05/21 11:17 p.m.28 views

Updated stb packages fix security vulnerabilities

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

9.8CVSS8.1AI score0.0141EPSS
Exploits1References2
NVD
NVD
added 2023/10/21 12:15 a.m.12 views

CVE-2023-45681

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in startdecoder. The root cause is a potential integer overflow in sizeofchar f-commentlistlength which may make setupmalloc allocate less memory...

7.8CVSS8.7AI score0.00518EPSS
Exploits0References5
Prion
Prion
added 2023/10/21 12:15 a.m.13 views

Integer overflow

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if len read in startdecoder is a negative number and setupmalloc successfully allocates memory in that case, but memor...

4.4CVSS7.8AI score0.00536EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/10/20 11:27 p.m.6 views

CVE-2023-45682 Wild address read in vorbis_decode_packet_rest in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

5.3CVSS6AI score0.0056EPSS
Exploits0References6
Rows per page
Query Builder