CVE-2018-1000050: Improper Restriction of Operations within the Bounds of a Memory Buffer in Vorbis Project STB Vorbis

Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 29.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 9; latest update May 14

Description

Sean Barrett stb_vorbis version 1.12 and earlier contains a buffer overflow vulnerability in all Vorbis decoding paths that can result in memory corruption, denial of service, or compromised execution of the host program. The attack appears to be exploitable when a victim opens a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-g4c6-5qcw-3c6v: Sean Barrett stb_vorbis version 1 (2022-05-14)
OSV
CVE-2018-1000050: Sean Barrett stb_vorbis version 1 (2018-02-09)

📋 Vendor Advisories (1)

Debian
CVE-2018-1000050: libstb - Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vuln... (2018)