mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.0 KiB
1.0 KiB
CVE-2023-45675
Description
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f->vendor[len] = (char)'\0';. The root cause is that if the len read in start_decoder is -1 and len + 1 becomes 0 when passed to setup_malloc. The setup_malloc behaves differently when f->alloc.alloc_buffer is pre-allocated. Instead of returning NULL as in malloc case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
POC
Reference
No PoCs from references.