CVE-2018-1000050

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
stb_vorbis_projectstb_vorbis
𝑥
≤ 1.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libstb
bullseye
0.0~git20200713.b42009b+ds-1
fixed
bookworm
0.0~git20220908.8b5f1f3+ds-1
fixed
sid
0.0~git20240715.f7f20f39fe4f+ds-1
fixed
trixie
0.0~git20240715.f7f20f39fe4f+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libstb
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab
https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab