Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11331: Improper Restriction of Operations within the Bounds of a Memory Buffer in Vorbis-tools

Severity: 5.5 MEDIUM (NVD)
EPSS: 1.9% (top 16.72%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 31; latest update May 13

Description

The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

Debian: xiph/vorbis-tools < 1.4.3-1+1
debian: debian/vorbis-tools < vorbis-tools 1.4.3-1 (forky)

🔴 Vulnerability Details (2)

GHSA
GHSA-h9jm-c7jx-hrg8: The wav_open function in oggenc/audio (2022-05-13)
OSV
CVE-2017-11331: The wav_open function in oggenc/audio (2017-07-31)

💥 Exploits & PoCs (1)

Exploit-DB
Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service (2017-07-31)

📋 Vendor Advisories (2)

Red Hat
vorbis-tools: Invalid memory allocation in wav_open function in oggenc/audio.c (2017-07-30)
Debian
CVE-2017-11331: vorbis-tools - The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows re... (2017)

💬 Community (2)

Bugzilla
CVE-2017-11331 vorbis-tools: Invalid memory allocation in wav_open function in oggenc/audio.c [fedora-all] (2017-08-11)
Bugzilla
CVE-2017-11331 vorbis-tools: Invalid memory allocation in wav_open function in oggenc/audio.c (2017-08-11)