Stb Vorbis C
CVE-2023-45680
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to dereference the NULL pointer. This issue may lead to denial of service.
AnalysisAI
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to dereference the NULL pointer. This issue may lead to denial of service. Affected products include: Nothings Stb Vorbis.C.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
More in Stb Vorbis C
View allstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this v
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this v
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this v
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this v
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this v
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this v
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.1), this v
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today