CVE-2023-45678: Off-by-one heap buffer write in start_decoder in stb_vorbis
First published: Fri Oct 20 2023(Updated: )
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nothings STB | =1.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-45678.
What is the severity of CVE-2023-45678?
The severity of CVE-2023-45678 is high with a CVSS score of 7.8.
What software is affected by CVE-2023-45678?
The affected software is stb_vorbis version 1.22.
What is the root cause of CVE-2023-45678?
The root cause of CVE-2023-45678 is an off-by-one heap buffer write in the start_decoder function of stb_vorbis.c.
How can I fix CVE-2023-45678?
To fix CVE-2023-45678, update to a version of stb_vorbis that addresses the buffer write issue.
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/nothings
- canonical/nothings stb
- version/nothings stb/1.22