Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-45681— Out of bounds heap buffer write in stb_vorbis

CVSS 7.3 · High EPSS 0.05% · P15
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-45681

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Out of bounds heap buffer write in stb_vorbis
Source: NVD (National Vulnerability Database)
Vulnerability Description
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
stb_vorbis 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
stb_vorbis是一款开源的用于解码ogg vorbis文件的音频解码器。 stb_vorbis 存在安全漏洞,该漏洞源于精心设计的文件可能会触发内存写入“start_decoder”中分配的堆缓冲区。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nothingsstb <= 1.22 -

II. Public POCs for CVE-2023-45681

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-45681

登录查看更多情报信息。

Same Patch Batch · nothings · 2023-10-20 · 14 CVEs total

CVE-2023-456797.3 HIGHAttempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
CVE-2023-456777.3 HIGHHeap buffer out of bounds write in start_decoder in stb_vorbis
CVE-2023-456767.3 HIGHMulti-byte write heap buffer overflow in start_decoder in stb_vorbis
CVE-2023-456667.3 HIGHPossible double-free or memory leak in stbi__load_gif_main in stb_image
CVE-2023-456647.3 HIGHDouble-free in stbi__load_gif_main_outofmem in stb_image
CVE-2023-456786.5 MEDIUMOff-by-one heap buffer write in start_decoder in stb_vorbis
CVE-2023-456756.5 MEDIUM0 byte write heap buffer overflow in start_decoder in stb_vorbis
CVE-2023-456626.5 MEDIUMMulti-byte read heap buffer overflow in stbi__vertical_flip in stb_image
CVE-2023-456616.5 MEDIUMWild address read in stbi__gif_load_next in stb_image
CVE-2023-456825.3 MEDIUMWild address read in vorbis_decode_packet_rest in stb_vorbis
CVE-2023-456805.3 MEDIUMNull pointer dereference in vorbis_deinit in stb_vorbis
CVE-2023-456675.3 MEDIUMNull pointer dereference because of an uninitialized variable in stb_image
CVE-2023-456635.3 MEDIUMDisclosure of uninitialized memory in stbi__tga_load in stb_image

IV. Related Vulnerabilities

Same product: stb
Same vendor: nothings
Same weakness: CWE-787

V. Comments for CVE-2023-45681

No comments yet

Leave a comment