{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43361", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T19:37:23.709Z", "dateReserved": "2023-09-18T00:00:00", "datePublished": "2023-10-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-27T03:06:25.268426"}, "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/xiph/vorbis-tools/issues/41"}, {"url": "https://github.com/xiph/vorbis-tools"}, {"url": "https://github.com/xiph/vorbis"}, {"url": "https://xiph.org/vorbis/"}, {"name": "FEDORA-2024-faff3dd9d6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/"}, {"name": "FEDORA-2024-5f8da7c1f1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:37:23.709Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/xiph/vorbis-tools/issues/41", "tags": ["x_transferred"]}, {"url": "https://github.com/xiph/vorbis-tools", "tags": ["x_transferred"]}, {"url": "https://github.com/xiph/vorbis", "tags": ["x_transferred"]}, {"url": "https://xiph.org/vorbis/", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-faff3dd9d6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/"}, {"name": "FEDORA-2024-5f8da7c1f1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xiph:vorbis-tools:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CA9C03F-AF50-4E6F-B972-F1B3BF87CEB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files."}, {"lang": "es", "value": "La vulnerabilidad de desbordamiento de b\u00fafer en Vorbis-tools v.1.4.2 permite a un atacante local ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio durante la conversi\u00f3n de archivos wav a archivos ogg."}], "id": "CVE-2023-43361", "lastModified": "2024-01-27T03:15:07.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-02T21:15:34.520", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/xiph/vorbis"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/xiph/vorbis-tools"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/xiph/vorbis-tools/issues/41"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://xiph.org/vorbis/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3095", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "vorbis-tools-1:1.4.0-29.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}], "bugzilla": {"description": "vorbis-tools: Buffer Overflow vulnerability", "id": "2242151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242151"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.", "A buffer overflow vulnerability was found in vorbis-tools. This flaw allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of WAV files to OGG files."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-43361", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "vorbis-tools", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "vorbis-tools", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-10-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-43361\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-43361"], "statement": "This vulnerability was marked as Moderate as it requires a privileged local user to get access into the system.", "threat_severity": "Moderate"}