CVE-2023-45677 — Out-of-bounds Write in STB Vorbis.c

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

CNA7.3

EPSS

0.1%

top 84.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nothings STB Nothings STB Vorbis.c

Timeline

PublishedOct 21

Description

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->commen…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnothings/stb_vorbis.c1.22

▶CVEListV5nothings/stb1.22

🔴Vulnerability Details

OSV

CVE-2023-45677: stb_vorbis is a single file MIT licensed library for processing ogg vorbis files↗2023-10-21

▶

CVEList

Heap buffer out of bounds write in start_decoder in stb_vorbis↗2023-10-20

▶

📋Vendor Advisories

Debian

CVE-2023-45677: libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files...↗2023

▶