CVE-2019-13219

MEDIUM

Stb Vorbis < 2019-03-04 - NULL Pointer Dereference

Title source: rule

Description

A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

References (4)

Core 4

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html

Product

http://nothings.org/stb_vorbis/

Patch

https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6

Patch

https://github.com/nothings/stb/commits/master/stb_vorbis.c

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 43.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (2)

debian/debian_linux 10.0

stb_vorbis_project/stb_vorbis < 2019-03-04

Published Aug 15, 2019

Tracked Since Feb 18, 2026