Memory Allocation Failure in stb_vorbis Library: Potential Code Execution Vulnerability

Memory Allocation Failure in stb_vorbis Library: Potential Code Execution Vulnerability

CVE-2023-45679 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.

Learn more about our Web Application Penetration Testing UK.