CVE-2023-43361
Published 2023-10-02
CVE-2023-43361: Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of…
Priority P432 · high · 7.8 CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.45% (35.7th percentile)
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vorbis-tools | < vorbis-tools 1.4.3-1 (forky) | vorbis-tools 1.4.3-1 (forky) |
| xiph | vorbis-tools | — | — |
| xiph | vorbis-tools | >= 0 < 1.4.3-1 | 1.4.3-1 |
| xiph | vorbis-tools | >= 0 < 1.4.3-1 | 1.4.3-1 |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 7.8 · HIGH
vendor_debian · 7.8 · LOW
vendor_redhat · 7.8 · HIGH
Red Hat
vorbis-tools: Buffer Overflow vulnerability
vendor_redhat·2023-10-02·CVSS 7.8
CVE-2023-43361 [HIGH] CWE-119 vorbis-tools: Buffer Overflow vulnerability
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
A buffer overflow vulnerability was found in vorbis-tools. This flaw allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to OGG files.
Statement: This vulnerability was marked as Moderate as it requires a privileged local user to get access into the system.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Debian
CVE-2023-43361: vorbis-tools - Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to...
vendor_debian·2023·CVSS 7.8
CVE-2023-43361 [HIGH] CVE-2023-43361: vorbis-tools - Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to...
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.4.3-1)
sid: resolved (fixed in 1.4.3-1)
trixie: resolved (fixed in 1.4.3-1)
GHSA
GHSA-pg6h-8jmj-9wx8: Buffer Overflow vulnerability in Vorbis-tools v
ghsa_unreviewed·2023-10-02
CVE-2023-43361 [HIGH] CWE-787 GHSA-pg6h-8jmj-9wx8: Buffer Overflow vulnerability in Vorbis-tools v
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
OSV
CVE-2023-43361: Buffer Overflow vulnerability in Vorbis-tools v
osv·2023-10-02·CVSS 7.8
CVE-2023-43361 [HIGH] CVE-2023-43361: Buffer Overflow vulnerability in Vorbis-tools v
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/xiph/vorbis
https://github.com/xiph/vorbis-tools
https://github.com/xiph/vorbis-tools/issues/41
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/
https://xiph.org/vorbis/
Published: 2023-10-02