Vulnerability Information
Vulnerability Title
Off-by-one heap buffer write in start_decoder in stb_vorbis
Vulnerability Description
stb_vorbis is a single-file, MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds write in `start_decoder` because `m->submaps` can be at most 16, but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
Out-of-bounds Write
Vulnerability Title
stb_vorbis Buffer Error Vulnerability
Vulnerability Description
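stb_vorbis is an open-source audio decoder for decoding Ogg Vorbis files. stb_vorbis has a security vulnerability: a crafted file may trigger a buffer write in `start_decoder`, because `m->submaps` can be at most 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements.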
CVSS Information
N/A
Vulnerability Type
N/A
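The bounds check whose absence both descriptions above report, shown as an added example that is not stb_vorbis code. The struct `mapping_model`, the functions and the input layout (a 4-bit count-minus-one field followed by an 8-bit floor and residue index per submap) are assumptions made for illustration; only the array size of 15 and the maximum count of 16 come from the description.

```c
#include <stddef.h>
#include <stdint.h>

#define SUBMAP_SLOTS 15 /* array size given in the description */

typedef struct { /* hypothetical model, not the stb_vorbis struct */
    uint8_t submaps;
    uint8_t submap_floor[SUBMAP_SLOTS];
    uint8_t submap_residue[SUBMAP_SLOTS];
} mapping_model;

typedef struct { const uint8_t *p; size_t len, bit; } bitreader;

/* LSB-first bit reader; returns -1 when the input runs out. */
static int read_bits(bitreader *r, int n) {
    int v = 0;
    for (int i = 0; i < n; i++) {
        size_t byte = r->bit >> 3;
        if (byte >= r->len) return -1;
        v |= ((r->p[byte] >> (r->bit & 7)) & 1) << i;
        r->bit++;
    }
    return v;
}

/* Assumed layout: 4-bit (count - 1), then 8-bit floor and 8-bit residue
 * per submap. Returns 0 on success, -1 on truncated input, -2 when the
 * declared count does not fit the arrays. */
int parse_submaps(const uint8_t *buf, size_t len, mapping_model *m) {
    bitreader r = { buf, len, 0 };
    int count = read_bits(&r, 4);
    if (count < 0) return -1;
    count += 1;                          /* range 1..16 */
    if (count > SUBMAP_SLOTS) return -2; /* without this, j == 15 writes past both arrays */
    m->submaps = (uint8_t)count;
    for (int j = 0; j < count; j++) {
        int fl = read_bits(&r, 8), rs = read_bits(&r, 8);
        if (fl < 0 || rs < 0) return -1;
        m->submap_floor[j] = (uint8_t)fl;
        m->submap_residue[j] = (uint8_t)rs;
    }
    return 0;
}

int main(void) {
    const uint8_t crafted[33] = { 0x0F }; /* constructed input declaring 16 submaps */
    mapping_model m = { 0 };
    return parse_submaps(crafted, sizeof crafted, &m) == -2 ? 0 : 1;
}
```

Deriving the limit from the array declaration (`SUBMAP_SLOTS` here) rather than repeating a literal keeps the check and the storage from drifting apart.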