Buffer Overflow in stb_vorbis Library's start_decoder Function

Buffer Overflow in stb_vorbis Library's start_decoder Function

CVE-2023-45678 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.

Learn more about our Web Application Penetration Testing UK.