Veracode Vulnerability DatabaseVERACODE:43996Out Of Bounds Read
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
19.0%
stb_vorbis is vulnerable to Out of bounds Read.The vulnerability is due to the processing of ogg vorbis files using the DECODE macro. This can be exploited by the attacker by crafting a file that triggers an out of bounds read when the var is negative thus resulting in leakage of internal memory allocation.
References
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231
securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
Related
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
6.9 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
19.0%