Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
Vulnerability Description
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
双重释放
Vulnerability Title
stb_vorbis 资源管理错误漏洞
Vulnerability Description
stb_vorbis是一款开源的用于解码ogg vorbis文件的音频解码器。 stb_vorbis 存在安全漏洞,该漏洞源于精心设计的文件可能会触发“start_decoder”中的内存分配失败。
CVSS Information
N/A
Vulnerability Type
N/A