Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-45675— 0 byte write heap buffer overflow in start_decoder in stb_vorbis

CVSS 6.5 · Medium EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-45675

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
0 byte write heap buffer overflow in start_decoder in stb_vorbis
Source: NVD (National Vulnerability Database)
Vulnerability Description
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
stb_vorbis 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
stb_vorbis是一款开源的用于解码ogg vorbis文件的音频解码器。 stb_vorbis 存在安全漏洞,该漏洞源于精心设计的文件可能会触发“f->vendor[len] = (char) ;”中的越界写入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nothingsstb <= 1.22 -

II. Public POCs for CVE-2023-45675

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-45675

登录查看更多情报信息。

Same Patch Batch · nothings · 2023-10-20 · 14 CVEs total

CVE-2023-456817.3 HIGHOut of bounds heap buffer write in stb_vorbis
CVE-2023-456797.3 HIGHAttempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
CVE-2023-456777.3 HIGHHeap buffer out of bounds write in start_decoder in stb_vorbis
CVE-2023-456767.3 HIGHMulti-byte write heap buffer overflow in start_decoder in stb_vorbis
CVE-2023-456667.3 HIGHPossible double-free or memory leak in stbi__load_gif_main in stb_image
CVE-2023-456647.3 HIGHDouble-free in stbi__load_gif_main_outofmem in stb_image
CVE-2023-456786.5 MEDIUMOff-by-one heap buffer write in start_decoder in stb_vorbis
CVE-2023-456626.5 MEDIUMMulti-byte read heap buffer overflow in stbi__vertical_flip in stb_image
CVE-2023-456616.5 MEDIUMWild address read in stbi__gif_load_next in stb_image
CVE-2023-456825.3 MEDIUMWild address read in vorbis_decode_packet_rest in stb_vorbis
CVE-2023-456805.3 MEDIUMNull pointer dereference in vorbis_deinit in stb_vorbis
CVE-2023-456675.3 MEDIUMNull pointer dereference because of an uninitialized variable in stb_image
CVE-2023-456635.3 MEDIUMDisclosure of uninitialized memory in stbi__tga_load in stb_image

IV. Related Vulnerabilities

Same product: stb
Same vendor: nothings
Same weakness: CWE-787

V. Comments for CVE-2023-45675

No comments yet

Leave a comment