Description
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in an out-of-bounds write. The attack may be performed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw was found in Nothings stb, a library used for processing audio. A remote attacker can exploit a vulnerability involving an out-of-bounds write within the start_decoder function. This issue could allow an attacker to cause the application to crash, disclose sensitive information, or corrupt data. A public exploit for this vulnerability is available.
Report
This Moderate impact vulnerability in the stb library, used for audio processing, allows a remote attacker to trigger an out-of-bounds write. Exploitation of this flaw, for which a public exploit exists, could lead to application crashes, sensitive information disclosure, or data corruption in applications utilizing the affected library. This primarily affects community-supported packages.
Mitigation
To reduce exposure, avoid processing untrusted audio files with applications that link against the nothings stb library. Implement sandboxing for applications that handle external audio input to contain potential impacts.
Additional information
Status:
EPSS
CVSS3: 6.3 Medium