Stack Variable Vulnerability in STB Vorbis Audio Library
CVE-2019-13220

7.1HIGH

Key Information:

Vendor: Stb Vorbis Project
Status: Stb Vorbis
Vendor: CVE Published:; 15 August 2019

🔔 Create Stb Vorbis Project Vulnerability Alert

What is CVE-2019-13220?

The STB Vorbis audio library has a vulnerability in the start_decoder function, allowing attackers to exploit uninitialized stack variables. By opening a specially crafted Ogg Vorbis file, an attacker can cause denial of service or potentially disclose sensitive information. Users are advised to update to the latest version to mitigate this risk.

References

http://nothings.org/stb_vorbis/

https://github.com/nothings/stb/commits/master/stb_vorbis.c

https://github.com/nothings/stb/commit/98fdfc6df88b1e34a7...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Jul 3, 2019