Vulnerability Details CVE-2019-13217
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://nothings.org/stb_vorbis/
- https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
- https://github.com/nothings/stb/commits/master/stb_vorbis.c
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
- http://nothings.org/stb_vorbis/
- https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
- https://github.com/nothings/stb/commits/master/stb_vorbis.c
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
Products affected by CVE-2019-13217
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.90
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.91
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.92
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.93
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.94
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.95
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.96
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.97
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.98
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.990
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.991
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.992
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.993
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.994
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.995
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.996
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.997
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.998
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.999
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9991
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9992
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9993
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9994
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9995
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9996
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9997
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9998
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.9999
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99991
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99992
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99993
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99994
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99995
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:0.99996
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.0
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.01
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.02
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.03
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.04
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.05
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.06
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.07
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.08
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.09
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.10
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.11
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:1.12
-
cpe:2.3:a:stb_vorbis_project:stb_vorbis:2019-03-04
-
cpe:2.3:o:debian:debian_linux:10.0