Lucene search

Veracode Vulnerability DatabaseVERACODE:44012

HistoryOct 26, 2023 - 10:32 a.m.

Out-of-bounds Write

2023-10-2610:32:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

out-of-bounds write

libstb.so

setup_malloc

integer overflow

crafted file

memory buffer

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

libstb.so is vulnerable to Out-of-bounds Write. The vulnerability is caused due to a function f->vendor[i] = get8_packet(f);. The root cause is an integer overflow in setup_malloc function in file stb/stb_vorbis.c in which a sufficiently large value in the variable sz overflows with sz+7 and the negative value passes the maximum available memory buffer check. An attacker can provide a crafted file triggering Out-of-bounds Write.

CPENameOperatorVersion
libstb.soeq0.0
libstb.soeq0.0

CPE	Name	Operator	Version
	libstb.so	eq	0.0
	libstb.so	eq	0.0

References

github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656

github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960

securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Related for VERACODE:44012