Heap Buffer Overflow in stb_vorbis Affects Nothings Products
CVE-2019-13217

7.8HIGH

Key Information:

Vendor: Stb Vorbis Project
Status: Stb Vorbis
Vendor: CVE Published:; 15 August 2019

🔔 Create Stb Vorbis Project Vulnerability Alert

What is CVE-2019-13217?

A vulnerability exists in the start_decoder function of stb_vorbis that may allow an attacker to exploit a heap buffer overflow. By utilizing a specially crafted Ogg Vorbis file, the vulnerability can lead to a denial of service or enable the execution of arbitrary code within the application's memory space. It is crucial for users and developers utilizing the stb_vorbis library to apply necessary updates and mitigate potential threats. For further details, users can refer to the security announcement by Debian LTS regarding the libstb security update.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://nothings.org/stb_vorbis/

https://github.com/nothings/stb/commits/master/stb_vorbis.c

https://github.com/nothings/stb/commit/98fdfc6df88b1e34a7...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Jul 3, 2019

JSON

Stb Vorbis Project

What is CVE-2019-13217?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.