Stb Vorbis.c@1.22 Security Vulnerabilities and Issues — Stb Vorbis.c@1.22 CVE List

Lucene search

NothingsStb Vorbis.c1.22

8 matches found

CVE•added 2023/10/21 12:15 a.m.•72 views

CVE-2023-45680

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit...

5.5CVSS5.4AI score0.00022EPSS

CVE•added 2023/10/21 12:15 a.m.•63 views

CVE-2023-45676

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f->vendor[i] = get8_packet(f);. The root cause is an integer overflow in setup_malloc. A sufficiently large value in the variable sz overflows with sz+7 in and the ...

7.8CVSS7.7AI score0.00051EPSS

CVE•added 2023/10/21 12:15 a.m.•59 views

CVE-2023-45677

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f->vendor[len] = (char)'\0';. The root cause is that if len read in start_decoder is a negative number and setup_malloc successfully allocates memory in that case, ...

7.8CVSS7.5AI score0.00052EPSS

CVE•added 2023/10/21 12:15 a.m.•57 views

CVE-2023-45678

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code executi...

7.8CVSS7.2AI score0.0008EPSS

CVE•added 2023/10/21 12:15 a.m.•41 views

CVE-2023-45675

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f->vendor[len] = (char)'\0';. The root cause is that if the len read in start_decoder is -1 and len + 1 becomes 0 when passed to setup_malloc. The setup_malloc beha...

7.8CVSS7.2AI score0.00078EPSS

CVE•added 2023/10/21 12:15 a.m.•40 views

CVE-2023-45679

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, but some of the pointers in f->comment_list are left initialized and later setup_free is called on the...

7.8CVSS7.4AI score0.00051EPSS

CVE•added 2023/10/21 12:15 a.m.•38 views

CVE-2023-45681

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocat...

7.8CVSS7.7AI score0.00051EPSS

CVE•added 2023/10/21 12:15 a.m.•36 views

CVE-2023-45682

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODE_RAW a negative var is a valid value. This issue may be used to leak internal memory all...

7.1CVSS5.7AI score0.00023EPSS