MiracleLinux 3 : libvorbis-1.1.2-3.6.0.1.AXS3 (AXSA:2012-272:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-272:01 advisory. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrat...

EUVD-2019-4735

Malware in sbrugna...

EUVD-2019-4730

Malware in sbrugna...

EUVD-2019-4732

Malware in sbrugna...

EUVD-2019-4733

Malware in sbrugna...

EUVD-2018-1811

Malware in sbrugna...

EUVD-2009-4605

Malware in sbrugna...

EUVD-2019-4734

Malware in sbrugna...

CLSA-2025-1758041082 libsndfile: Fix of CVE-2024-50612

CVE-2024-50612: fix out-of-bounds read in vorbisanalysiswrote in oggvorbis.c...

CVE-2019-13218

Division by zero in the predictpoint function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file...

CVE-2019-13222

An out-of-bounds read of a global buffer in the drawline function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

CVE-2019-13219

A NULL pointer dereference in the getwindow function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file...

CVE-2019-13217

A heap buffer overflow in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

CVE-2019-13221

A stack buffer overflow in the computecodewords function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file...

CVE-2007-6718

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service SIGSEGV and application crash via 1 a malformed MP3 file, as demonstrated by lol-mplayer.mp3; 2 a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; 3 a malformed MPEG-1 file, as demonstrated by...

Out-of-bounds Read

libsndfile.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of the vorbisanalysiswrote function in the oggvorbis.c file, which fails to validate input data, allowing an attacker to craft a malicious Vorbis file that triggers the out-of-bounds read when process...

Out-of-Bounds Write

libstb.so is vulnerable to Out-of-Bounds Writes. This vulnerability exists in the f-vendorlen = char'\0' function of stbvorbis.c because it does not properly allocate memory, which allows to an attacker to perform a heap-based buffer overflow via a crafted ogg vorbis file...

UBUNTU-CVE-2023-45682

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

stb_vorbis buffer error vulnerability

stbvorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stbvorbis, which stems from the fact that a carefully crafted file may trigger a buffer write in "startdecoder", because "m-submaps" can be at most 16, but "submapfloor" and "submapresidue"...