CVE-2019-13222 - OpenCVE

An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Stb Vorbis Project	Stb Vorbis
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:stb_vorbis_project:stb_vorbis:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

References

Link	Resource
http://nothings.org/stb_vorbis/	Product
https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6	Patch
https://github.com/nothings/stb/commits/master/stb_vorbis.c	Patch
https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-15T00:00:00

Updated: 2023-01-31T00:00:00

Reserved: 2019-07-03T00:00:00

Link: CVE-2019-13222

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-08-15T17:15:13.253

Modified: 2023-02-16T19:23:46.410

Link: CVE-2019-13222

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stb_vorbis_project:stb_vorbis:*:*:*:*:*:*:*:*", "matchCriteriaId": "258E6E77-C719-4D22-885D-61CEE1EB8844", "versionEndIncluding": "2019-03-04", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file."}, {"lang": "es", "value": "Una lectura fuera de l\u00edmites de un b\u00fafer global en la funci\u00f3n draw_line en stb_vorbis hasta el 04-03-2019, permite a un atacante causar una denegaci\u00f3n de servicio o divulgar informaci\u00f3n confidencial mediante la apertura de un archivo Ogg Vorbis dise\u00f1ado."}], "id": "CVE-2019-13222", "lastModified": "2023-02-16T19:23:46.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-15T17:15:13.253", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://nothings.org/stb_vorbis/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/nothings/stb/commits/master/stb_vorbis.c"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}