Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-45678— Off-by-one heap buffer write in start_decoder in stb_vorbis

CVSS 6.5 · Medium EPSS 0.09% · P26
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-45678

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Off-by-one heap buffer write in start_decoder in stb_vorbis
Source: NVD (National Vulnerability Database)
Vulnerability Description
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
stb_vorbis 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
stb_vorbis是一款开源的用于解码ogg vorbis文件的音频解码器。 stb_vorbis 存在安全漏洞,该漏洞源于精心制作的文件可能会触发“start_decoder”中的缓冲区写入,因为“m->submaps”最多可以为 16,但“submap_floor”和“submap_residue”被声明为包含 15 个元素的数组。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nothingsstb <= 1.22 -

II. Public POCs for CVE-2023-45678

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-45678

登录查看更多情报信息。

Same Patch Batch · nothings · 2023-10-20 · 14 CVEs total

CVE-2023-456817.3 HIGHOut of bounds heap buffer write in stb_vorbis
CVE-2023-456797.3 HIGHAttempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
CVE-2023-456777.3 HIGHHeap buffer out of bounds write in start_decoder in stb_vorbis
CVE-2023-456767.3 HIGHMulti-byte write heap buffer overflow in start_decoder in stb_vorbis
CVE-2023-456667.3 HIGHPossible double-free or memory leak in stbi__load_gif_main in stb_image
CVE-2023-456647.3 HIGHDouble-free in stbi__load_gif_main_outofmem in stb_image
CVE-2023-456756.5 MEDIUM0 byte write heap buffer overflow in start_decoder in stb_vorbis
CVE-2023-456626.5 MEDIUMMulti-byte read heap buffer overflow in stbi__vertical_flip in stb_image
CVE-2023-456616.5 MEDIUMWild address read in stbi__gif_load_next in stb_image
CVE-2023-456825.3 MEDIUMWild address read in vorbis_decode_packet_rest in stb_vorbis
CVE-2023-456805.3 MEDIUMNull pointer dereference in vorbis_deinit in stb_vorbis
CVE-2023-456675.3 MEDIUMNull pointer dereference because of an uninitialized variable in stb_image
CVE-2023-456635.3 MEDIUMDisclosure of uninitialized memory in stbi__tga_load in stb_image

IV. Related Vulnerabilities

Same product: stb
Same vendor: nothings
Same weakness: CWE-787

V. Comments for CVE-2023-45678

No comments yet

Leave a comment