Main Vulnerability Database Exploits ID:3780 - Exploit for NULL pointer dereference in libvorbis - CVE-2017-11333

ID:3780 - Exploit for NULL pointer dereference in libvorbis - CVE-2017-11333

Published: August 9, 2020

Vulnerability identifier: #VU38626

Vulnerability risk: Medium

CVE-ID: CVE-2017-11333

CWE-ID: CWE-476

Exploitation vector: Remote access

Vulnerable software:
libvorbis

Link to public exploit:

https://www.exploit-db.com/exploits/42399/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.

Remediation

Install update from vendor's website.

ID:3780 - Exploit for NULL pointer dereference in libvorbis - CVE-2017-11333

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human