CVE-2023-43361

CVE-2023-43361

Name

CVE-2023-43361

Description

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/xiph/vorbis-tools
MISC	https://github.com/xiph/vorbis-tools/issues/41
MISC	https://github.com/xiph/vorbis
MISC	https://xiph.org/vorbis/

Type

URI

MISC

https://github.com/xiph/vorbis-tools

MISC

https://github.com/xiph/vorbis-tools/issues/41

MISC

https://github.com/xiph/vorbis

MISC

https://xiph.org/vorbis/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:xiph:vorbis-tools:1.4.2:::::::*`	vorbis-tools	== None	== 1.4.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:xiph:vorbis-tools:1.4.2:*:*:*:*:*:*:*

vorbis-tools

== None

== 1.4.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
vorbis-tools	3.18-community	1.4.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
vorbis-tools	edge-community	1.4.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
vorbis-tools	3.19-community	1.4.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

vorbis-tools

3.18-community

1.4.2-r3

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

vorbis-tools

edge-community