{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.4.2" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "71687237c07cd9d5564c73990d0de45520c5bec1" } ], "repo": "https://github.com/xiph/vorbis-tools", "type": "GIT" } ] } ], "details": "Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.", "id": "CVE-2023-43361", "modified": "2026-03-13T21:48:01.666053810Z", "published": "2023-10-02T21:15:34.520Z", "references": [ { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/" }, { "type": "ADVISORY", "url": "https://xiph.org/vorbis/" }, { "type": "REPORT", "url": "https://github.com/xiph/vorbis-tools/issues/41" }, { "type": "PACKAGE", "url": "https://github.com/xiph/vorbis" }, { "type": "PACKAGE", "url": "https://github.com/xiph/vorbis-tools" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }