PT-2023-8921 · Unknown+8 · Vorbis-Tools+8

Song Jiaxuan +1 · Published 2023-10-02 · Updated 2025-11-04 · CVE-2023-43361

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vorbis-tools version 1.4.2

Description

A buffer overflow vulnerability allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to Ogg files. It occurs because data can be written beyond the boundaries of a buffer in memory.

Recommendations

For Vorbis-tools version 1.4.2, consider updating to a newer version that includes the upstream patch fixing the issue. As a temporary workaround, restrict use of the WAV-to-Ogg conversion functionality until a patch is available.

Exploit

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2024:3095
ALT-PU-2025-2893
AZL-31037
AZL-37055
BDU:2024-02625
CESA-2024_3095
CVE-2023-43361
INFSA-2024_3095
MGASA-2023-0316
OESA-2024-2326
OPENSUSE-SU-2023_4251-1
OPENSUSE-SU-2024:13349-1
RHSA-2024:3095
RHSA-2024_3095
ROSA-SA-2024-2542
SUSE-SU-2023:4218-1
SUSE-SU-2023:4251-1
SUSE-SU-2023_4218-1
SUSE-SU-2023_4251-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Red Hat
RED OS
Rocky Linux
SUSE
Vorbis-Tools