CVE-2023-45677

Name of the Vulnerable Software and Affected Versions stb vorbis (affected versions not specified)

Description The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of bounds write in f->vendor[len] = (char)'0';. This occurs when len read in start decoder is a negative number and memory allocation is successful, but the memory write is done with a negative index len. Additionally, if len is INT MAX, an integer overflow happens in f->vendor = (char*)setup malloc(f, sizeof(char) * (len+1)); and f->comment list[i] = (char*)setup malloc(f, sizeof(char) * (len+1));. This may lead to code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.