CVE-2023-45676

Name of the Vulnerable Software and Affected Versions stb vorbis (affected versions not specified)

Description The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of bounds write in f->vendor[i] = get8 packet(f);. This is caused by an integer overflow in setup malloc, where a sufficiently large value in the variable sz overflows when added to 7, resulting in a negative value that passes the maximum available memory buffer check. This may lead to code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.