CVE-2018-1000050

Published: Feb 9, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.

Affected (1)

Products: Stb Vorbis Project: Stb Vorbis

Stb Vorbis Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Stb Vorbis Project Stb Vorbis	Up to 1.12

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab

Source: cve@mitre.org

Patch

https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.