Lucene search

MitreCVE-2019-13221

HistoryAug 15, 2019 - 5:15 p.m.

CVE-2019-13221

2019-08-1517:15:13

CWE-787

mitre

web.nvd.nist.gov

cve-2019-13221

stack buffer overflow

compute_codewords

stb_vorbis

ogg vorbis

nvd

security vulnerability

denial of service

arbitrary code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

58.7%

JSON

A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

Affected configurations

Nvd

Node

stb_vorbis_projectstb_vorbisRange≤2019-03-04

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
stb_vorbis_projectstb_vorbis*cpe:2.3:a:stb_vorbis_project:stb_vorbis:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
stb_vorbis_project	stb_vorbis	*	cpe:2.3:a:stb_vorbis_project:stb_vorbis::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*