Vulnerability Details CVE-2018-1000050
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-1000050
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.90
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.91
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.92
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.93
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.94
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.95
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.96
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.97
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.98
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.990
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.991
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.992
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.993
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.994
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.995
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.996
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.997
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.998
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.999
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9991
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9992
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9993
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9994
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9995
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9996
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9997
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9998
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9999
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99991
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99992
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99993
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99994
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99995
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99996
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.0
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.01
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.02
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.03
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.04
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.05
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.06
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.07
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.08
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.09
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.10
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.11
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.12