Vulnerabilities > STB Vorbis Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-15 | CVE-2019-13223 | Reachable Assertion vulnerability in multiple products A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. | 5.5 |
| 2019-08-15 | CVE-2019-13222 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. | 7.1 |
| 2019-08-15 | CVE-2019-13221 | Out-of-bounds Write vulnerability in multiple products A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. | 7.8 |
| 2019-08-15 | CVE-2019-13220 | Use of Uninitialized Resource vulnerability in multiple products Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. | 7.1 |
| 2019-08-15 | CVE-2019-13219 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. | 5.5 |
| 2019-08-15 | CVE-2019-13218 | Divide By Zero vulnerability in multiple products Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. | 5.5 |
| 2019-08-15 | CVE-2019-13217 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. | 7.8 |
| 2018-02-09 | CVE-2018-1000050 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in STB Vorbis Project STB Vorbis Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. | 8.8 |