Bug 2278401 (CVE-2023-47212) - CVE-2023-47212 stb: stb_vorbis.c comment heap-based buffer overflow vulnerability
Keywords:
Status: NEW
Alias: CVE-2023-47212
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2278402 2278403
Blocks:
Reported: 2024-05-01 20:11 UTC by Robb Gatica
Modified: 2025-01-27 11:41 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2024-05-01 20:11:45 UTC
A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1846

Comment 1 Robb Gatica 2024-05-01 20:12:00 UTC
Created stb tracking bugs for this issue:

Affects: epel-all [bug 2278403]
Affects: fedora-all [bug 2278402]
