Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11333NULL Pointer Dereference in Libvorbis

CWE-476NULL Pointer DereferenceCWE-400Uncontrolled Resource Consumption11 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
2.4%
top 14.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Xiph.org Libvorbis
Timeline
PublishedJul 31
Latest updateMay 13

Description

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianxiph.org/libvorbis< 1.3.5-4.1+3

🔴Vulnerability Details

3
GHSA
GHSA-f5gh-mx7q-w5hf: The vorbis_analysis_wrote function in lib/block2022-05-13
CVEList
CVE-2017-11333: The vorbis_analysis_wrote function in lib/block2017-07-31
OSV
CVE-2017-11333: The vorbis_analysis_wrote function in lib/block2017-07-31

💥Exploits & PoCs

1
Exploit-DB
libvorbis 1.3.5 - Multiple Vulnerabilities2017-07-31

📋Vendor Advisories

2
Red Hat
libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c2017-07-30
Debian
CVE-2017-11333: libvorbis - The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 al...2017

💬Community

4
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [fedora-all]2017-08-11
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 libvorbis: various flaws [fedora-all]2017-08-11
Bugzilla
CVE-2017-11333 libvorbis: Memory exhaustion in vorbis_analysis_wrote function in lib/block.c2017-08-11
Bugzilla
CVE-2017-11333 CVE-2017-11735 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 mingw-libvorbis: various flaws [epel-7]2017-08-11
CVE-2017-11333 — NULL Pointer Dereference in Libvorbis | cvebase