Nothings Stb Vorbis C
By the Year
In 2024 there have been 0 vulnerabilities in Nothings Stb Vorbis C . Last year Stb Vorbis C had 8 security vulnerabilities published. Right now, Stb Vorbis C is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 8 | 7.43 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Stb Vorbis C vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nothings Stb Vorbis C Security Vulnerabilities
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45682
7.1 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.
Out-of-bounds Read
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45681
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.
Integer Overflow or Wraparound
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45680
5.5 - Medium
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.
NULL Pointer Dereference
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45679
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.
Double-free
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45678
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
Memory Corruption
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45677
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.
Memory Corruption
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45676
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.
Memory Corruption
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45675
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nothings Stb Vorbis C or by Nothings? Click the Watch button to subscribe.
