Division by Zero Vulnerability in stb_vorbis Library by Nothings
CVE-2019-13218

5.5MEDIUM

Key Information:

Vendor: Stb Vorbis Project
Status: Stb Vorbis
Vendor: CVE Published:; 15 August 2019

🔔 Create Stb Vorbis Project Vulnerability Alert

What is CVE-2019-13218?

A division by zero vulnerability in the predict_point function of the stb_vorbis library allows attackers to exploit crafted Ogg Vorbis files, leading to possible denial of service. By manipulating the input files, an attacker can trigger this flaw, impacting application stability and availability.

References

http://nothings.org/stb_vorbis/

https://github.com/nothings/stb/commits/master/stb_vorbis.c

https://github.com/nothings/stb/commit/98fdfc6df88b1e34a7...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Jul 3, 2019