CVE-2023-45681

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*

History

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N/ -

10 Jun 2024, 16:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66/ -

26 Oct 2023, 22:45

Type Values Removed Values Added
References (MISC) https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 - (MISC) https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 - Third Party Advisory
References (MISC) https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ - (MISC) https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ - Third Party Advisory
CPE cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*
CWE CWE-190
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
First Time Nothings stb Vorbis.c
Nothings

21 Oct 2023, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-21 00:15

Updated : 2024-06-10 17:16


NVD link : CVE-2023-45681

Mitre link : CVE-2023-45681

CVE.ORG link : CVE-2023-45681


JSON object : View

Products Affected

nothings

  • stb_vorbis.c
CWE
CWE-190

Integer Overflow or Wraparound

CWE-787

Out-of-bounds Write