Stb Vorbis Project Stb Vorbis vulnerabilities
8 known vulnerabilities affecting stb_vorbis_project/stb_vorbis.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-13222HIGHCVSS 7.1≤ 2019-03-042019-08-15
CVE-2019-13222 [HIGH] CWE-125 CVE-2019-13222: An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04
An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
nvd
CVE-2019-13220HIGHCVSS 7.1≤ 2019-03-042019-08-15
CVE-2019-13220 [HIGH] CWE-908 CVE-2019-13220: Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
nvd
CVE-2019-13221HIGHCVSS 7.8≤ 2019-03-042019-08-15
CVE-2019-13221 [HIGH] CWE-787 CVE-2019-13221: A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
nvd
CVE-2019-13217HIGHCVSS 7.8≤ 2019-03-042019-08-15
CVE-2019-13217 [HIGH] CWE-787 CVE-2019-13217: A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an atta
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
nvd
CVE-2019-13218MEDIUMCVSS 5.5≤ 2019-03-042019-08-15
CVE-2019-13218 [MEDIUM] CWE-369 CVE-2019-13218: Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker t
Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
nvd
CVE-2019-13219MEDIUMCVSS 5.5≤ 2019-03-042019-08-15
CVE-2019-13219 [MEDIUM] CWE-476 CVE-2019-13219: A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an att
A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
nvd
CVE-2019-13223MEDIUMCVSS 5.5≤ 2019-03-042019-08-15
CVE-2019-13223 [MEDIUM] CWE-617 CVE-2019-13223: A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an atta
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
nvd
CVE-2018-1000050HIGHCVSS 8.8≤ 1.122018-02-09
CVE-2018-1000050 [HIGH] CWE-119 CVE-2018-1000050: Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vor
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been
nvd