CVE-2019-13217

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-13217

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13217.json

Related

DLA-3305-1

Published

2019-08-15T17:15:12Z

Modified

2023-02-02T18:32:42Z

Details

A heap buffer overflow in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

References

https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
https://github.com/nothings/stb/commits/master/stb_vorbis.c
http://nothings.org/stb_vorbis/

Affected packages

Git / github.com/nothings/stb

Affected ranges

Type: GIT
Repo: https://github.com/nothings/stb
Events: Introduced

0The exact introduced commit is unknown

Fixed

98fdfc6df88b1e34a736d5e126e6c8139c8de1a6