CVE-2023-45679
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Oct 21, 2023
Updated: Oct 26, 2023
CWE ID 415
Summary
CVE-2023-45679 is a vulnerability in stb_vorbis, a library for processing Ogg Vorbis files. A specially crafted file can cause a memory allocation failure in the `start_decoder` function. Consequently, some pointers in `f->comment_list` remain uninitialized, and when `vorbis_deinit` is called, it calls `setup_free` on these uninitialized pointers. This issue results in code execution, posing a significant security risk.
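The pattern described above, as an added example that is not stb_vorbis source code or the project's fix: a hypothetical miniature decoder whose setup returns early on allocation failure, with one way to keep teardown safe (zeroing the pointer array at allocation). The names `decoder`, `budget_alloc`, `decoder_start`, `decoder_deinit` and `run_hardened` are assumptions; only the hardened path is executed, because freeing indeterminate pointers is undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical miniature of the pattern; not stb_vorbis source code. */
typedef struct { int comment_count; char **comment_list; } decoder;
static int alloc_budget; /* constructed fault injector: allocations left */

static void *budget_alloc(size_t n, size_t size, int zeroed) {
    if (alloc_budget <= 0) return NULL;   /* simulated allocation failure */
    alloc_budget--;
    return zeroed ? calloc(n, size) : malloc(n * size);
}

/* Returns 0 on success, -1 on an early return after allocation failure. */
static int decoder_start(decoder *d, int count, int hardened) {
    d->comment_count = 0;
    /* hardened == 0 models the flaw: malloc leaves every slot indeterminate. */
    d->comment_list = budget_alloc((size_t)count, sizeof(char *), hardened);
    if (!d->comment_list) return -1;
    d->comment_count = count;
    for (int i = 0; i < count; i++) {
        d->comment_list[i] = budget_alloc(16, 1, 1);
        if (!d->comment_list[i]) return -1; /* slots after i are never written */
    }
    return 0;
}

/* Frees every slot up to comment_count; returns how many were non-NULL. */
static int decoder_deinit(decoder *d) {
    int freed = 0;
    for (int i = 0; d->comment_list && i < d->comment_count; i++) {
        if (d->comment_list[i]) freed++;
        free(d->comment_list[i]);   /* safe only if unwritten slots are NULL */
    }
    free(d->comment_list);
    d->comment_list = NULL;
    d->comment_count = 0;
    return freed;
}

/* Hardened path: start with a fixed allocation budget, then tear down. */
int run_hardened(int count, int budget) {
    decoder d;
    alloc_budget = budget;
    decoder_start(&d, count, 1);
    return decoder_deinit(&d);
}

int main(void) {
    printf("freed after mid-loop failure: %d\n", run_hardened(4, 3));
    return 0;
}
```

With a budget of 3, the array and two entries are allocated before the third entry fails; teardown then frees exactly those two entries and passes NULL for the rest.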