CVE-2026-34253
8.2 HIGHA buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread i...
Published: 2026-05-15 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 8.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
- CWE
- CWE-124
Description
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-34253
- [Other]https://github.com/xiph/vorbis-tools/archive/refs/tags/v1.4.3.tar.gz
- [Other]https://github.com/xiph/vorbis-tools/blob/0b3fbf42eb3897d32f4a75baa2dc915a4ca45e8e/ogg123/remote.c#L153
- [Other]https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
- [Other]https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
Related CVEs
Same CWE
- CVE-2026-44631 — Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration (9.8 CRITICAL)
- CVE-2024-36343 — Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out o...
- CVE-2026-0966 — A flaw was found in libssh (8.2 HIGH)