CVE-2023-43361 — Out-of-bounds Write in Vorbis-tools

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 92.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xiph Vorbis-tools Debian Vorbis-tools

Timeline

PublishedOct 2

Description

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/vorbis-tools< vorbis-tools 1.4.3-1 (forky)

▶Debianxiph/vorbis-tools< 1.4.3-1+1

▶NVDxiph/vorbis-tools1.4.2

🔴Vulnerability Details

GHSA

GHSA-pg6h-8jmj-9wx8: Buffer Overflow vulnerability in Vorbis-tools v↗2023-10-02

▶

OSV

CVE-2023-43361: Buffer Overflow vulnerability in Vorbis-tools v↗2023-10-02

▶

📋Vendor Advisories

Red Hat

vorbis-tools: Buffer Overflow vulnerability↗2023-10-02

▶

Debian

CVE-2023-43361: vorbis-tools - Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to...↗2023

▶