Lucene search
K

12 matches found

EUVD
EUVD
added 2026/04/02 12:31 a.m.7 views

EUVD-2026-18110

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

5.3CVSS5.5AI score0.00439EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29674

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.22 Description A security flaw exists in Nothings stb, specifically within the start decoder function of the stb vorbis.c file. This flaw results in an out-of-bounds write, and can be exploited remotely. The explo...

8.8CVSS6.3AI score0.00425EPSS
Exploits1References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-49969

Malicious code in bioql PyPI...

7.8CVSS7.3AI score0.00518EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-49972

Malicious code in bioql PyPI...

7.1CVSS6.2AI score0.0056EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:34 a.m.4 views

CVE-2023-45682

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

7.1CVSS6.5AI score0.0056EPSS
Exploits0References1
OSV
OSV
added 2023/10/21 12:15 a.m.3 views

UBUNTU-CVE-2023-45679

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...

7.8CVSS5.9AI score0.00518EPSS
Exploits0References7
OSV
OSV
added 2023/10/20 11:26 p.m.15 views

CVE-2023-45678 Off-by-one heap buffer write in start_decoder in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

6.5CVSS7.3AI score0.0073EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.3 views

PT-2023-29648 · Unknown +2 · Stb Vorbis +2

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue concerns a crafted file that may trigger an out of bounds read in the DECODE macro when the var is negative. According to the definition of DECODE RAW, a negative var is a vali...

7.8CVSS6.2AI score0.0056EPSS
Exploits0References30
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.2 views

SUSE CVE-2019-13222

An out-of-bounds read of a global buffer in the drawline function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

7.1CVSS6.7AI score0.00985EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/09/23 12:0 a.m.6 views

The vulnerability of the bark_noise_hybridmp function in the psy.c component of the Vorbis multimedia library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the barknoisehybridmp function in the psy.c component of the Vorbis multimedia library relates to the issue of writing operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and...

9.3CVSS6.9AI score0.04575EPSS
Exploits0References8Affected Software3
OSV
OSV
added 2019/08/15 5:15 p.m.2 views

UBUNTU-CVE-2019-13219

A NULL pointer dereference in the getwindow function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file...

5.5CVSS6AI score0.00961EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/08/15 12:0 a.m.2 views

PT-2019-13190 · Stb · Stb Vorbis

Name of the Vulnerable Software and Affected Versions: stb vorbis versions through 2019-03-04 Description: A reachable assertion in the lookup1 values function allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Recommendations: For versions through 2019-03-04,...

8.8CVSS5.9AI score0.02069EPSS
Exploits5References49
Rows per page
Query Builder