CVE-2023-45676

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 21, 2023

Updated: Oct 26, 2023

CWE ID 787

Summary

CVE-2023-45676 is a vulnerability affecting the stb_vorbis library, which is used for processing Ogg Vorbis files. A specially crafted file can trigger an out-of-bounds write in the function `setup_malloc`. This issue arises due to an integer overflow in the variable `sz`, which overflows by 7 bytes and results in a negative value. Despite passing the maximum available memory buffer check, this negative value leads to memory corruption and potentially code execution. The MIT-licensed library is at risk due to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s9Ng86
https://www.cve.org/CVERecord?id=CVE-2023-45676
https://nvd.nist.gov/vuln/detail/CVE-2023-45676

Back to Vulnerability Database

CVE-2023-45676

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations