EUVD-2026-30545
GHSA-45fh-4474-xc77
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
3DescriptionNVD
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.
AnalysisAI
Buffer underflow in vorbis-tools 1.4.3's ogg123 utility allows remote attackers to crash the application or potentially execute code through malformed remote control input. The vulnerability achieves an EPSS score indicating moderate exploitation likelihood, with proof-of-concept code available according to SSVC assessment, though it has not been added to CISA's KEV catalog indicating no confirmed active exploitation.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify and inventory all systems running vorbis-tools 1.4.3, particularly those exposed to untrusted network input or remote control functionality. Within 7 days: Implement network-level controls to restrict access to ogg123 remote control interfaces and disable remote control features if not operationally required. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today