A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Debian Bug report logs - #1070394
libstb: CVE-2023-47212
Package: src:libstb;
Maintainer for src:libstb is Yangfl <mmyangfl@gmail.com>;
Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sat, 4 May 2024 18:42:01 UTC
Severity: important
Tags: security, upstream