CVE-2023-43361 – vorbis-tools: Buffer Overflow vulnerability

https://notcve.org/view.php?id=CVE-2023-43361

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. La vulnerabilidad de desbordamiento de búfer en Vorbis-tools v.1.4.2 permite a un atacante local ejecutar código arbitrario y provocar una denegación de servicio durante la conversión de archivos wav a archivos ogg. A buffer overflow vulnerability was found in vorbis-tools. This flaw allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to OGG files. • https://github.com/xiph/vorbis https://github.com/xiph/vorbis-tools https://github.com/xiph/vorbis-tools/issues/41 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN https://xiph.org/vorbis https://access.redhat.com/security/cve/CVE-2023-43361 https://bugzilla.redhat.com/show_bug.cgi?id=2242151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •