Description
Sean Barrett stb_vorbis version 1.12 and earlier contains a buffer overflow vulnerability in all Vorbis decoding paths that can result in memory corruption, denial of service, or compromised execution of the host program. This attack appears to be exploitable when a victim opens a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.
References (1)
Core References
Patch x_refsource_confirm
https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab
Scores
CVSS v3: 8.8
EPSS: 0.0065
EPSS Percentile: 70.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (1): stb_vorbis_project/stb_vorbis < 1.12
Published: Feb 09, 2018
Tracked Since: Feb 18, 2026