CVE-2023-45680

Name of the Vulnerable Software and Affected Versions stb vorbis (affected versions not specified)

Description The issue is related to a memory allocation failure in the start decoder function when processing a crafted ogg vorbis file. This failure causes the function to return early, setting f->comment list to NULL but not resetting f->comment list length. Later, in the vorbis deinit function, it attempts to dereference the NULL pointer, potentially leading to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.