
AIKIDO-2025-10984

xiph.ogg is vulnerable to Integer Overflow

Integer Overflow Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Dec 26, 2025

28

Low Risk

This Affects:

C++ xiph.ogg
1.1.1 - 1.3.4
Fixed in 1.3.5

TL;DR

Affected versions of this package are vulnerable to an integer overflow in the ogg_sync_buffer function: a long variable (newsize) can exceed the maximum value storable in the int field that records the buffer size (oy->storage). The internal buffer allocation succeeds, but the stored buffer size overflows and wraps to a small value. An attacker could exploit this vulnerability by providing crafted input that triggers the overflow, resulting in a mismatch between the actual allocated buffer size and the recorded storage value. Subsequent operations could then write beyond the allocated buffer's bounds, resulting in a heap-based buffer overflow, application crash, or arbitrary code execution. The patched code mitigates this by adding a check (if(size>INT_MAX-4096-oy->fill)) that fails safely before the overflow can occur.
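The size mismatch and the effect of the guard can be seen in a small arithmetic model. This is an added example, not libogg's source or code from the advisory. The function names are hypothetical, no memory is allocated, and it assumes a 32-bit int alongside a 64-bit size value.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the bookkeeping the advisory describes: a wide
   "newsize" is computed, then recorded in an int "storage" field.
   Assumes int is 32 bits and fill is non-negative. */
#define EXTRA 4096 /* constant taken from the check quoted in the advisory */

/* Size that would be requested from the allocator (wide arithmetic). */
static int64_t requested_size(int64_t size, int fill) {
    return size + fill + EXTRA;
}

/* Value a 32-bit int field holds after two's-complement truncation,
   computed explicitly so the result is well-defined C. */
static int recorded_storage(int64_t newsize) {
    int64_t low = (int64_t)(uint32_t)newsize;      /* keep the low 32 bits */
    if (low > INT32_MAX) low -= (int64_t)1 << 32;  /* reinterpret as signed */
    return (int)low;
}

/* The guard quoted in the advisory: reject the request before the
   addition can produce a value that does not fit in int. */
static int guard_rejects(int64_t size, int fill) {
    return size > (int64_t)INT_MAX - EXTRA - fill;
}

int main(void) {
    /* Constructed inputs: one ordinary request, one oversized request. */
    int64_t sizes[] = { 8192, ((int64_t)1 << 32) + 100 };
    for (int i = 0; i < 2; i++) {
        int64_t want = requested_size(sizes[i], 0);
        printf("size=%lld allocated=%lld recorded=%d rejected=%d\n",
               (long long)sizes[i], (long long)want,
               recorded_storage(want), guard_rejects(sizes[i], 0));
    }
    return 0;
}
```

For the oversized request the allocation would be about 4 GiB while the recorded size is 4196, which is the mismatch the guard prevents by rejecting the request first.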

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

xiph.ogg is vulnerable to Integer Overflow in versions 1.1.1 - 1.3.4.

How to fix this

Upgrade the xiph.ogg library to the patched version (1.3.5).