PT-2020-15266 · Xiph.Org+2 · Libvorbis+2
Blbiop · Published 2018-06-06 · Updated 2023-03-27
CVE-2020-20412
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libvorbis versions prior to 1.3.6
StepMania version 5.0.12
Description
libvorbis performs insufficient array bounds checking, which can be triggered by a crafted OGG file. Products that use libvorbis, including StepMania, are affected. Per the CVSS vector above, exploitation requires user interaction and the rated impact is on availability only.
Recommendations
For libvorbis versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue.
For StepMania version 5.0.12, consider updating to a version that uses an updated libvorbis library, or apply any available patches from the vendor.
Exploit
Fix
Weakness Enumeration
Improper Validation of Array Index
Related Identifiers
Affected Products
ALT Linux
StepMania
libvorbis