What is GHSA-45fh-4474-xc77?

GHSA-45fh-4474-xc77 is a security advisory published by GitHub Security Advisories with High severity. A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools...

Which CVE IDs does GHSA-45fh-4474-xc77 cover?

GHSA-45fh-4474-xc77 covers the following CVE IDs: CVE-2026-34253. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-45fh-4474-xc77?

GHSA-45fh-4474-xc77 has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-45fh-4474-xc77HighCVSS 8.2

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-34253 →

📋 Description

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-34253
https://github.com/xiph/vorbis-tools/archive/refs/tags/v1.4.3.tar.gz
https://github.com/xiph/vorbis-tools/blob/0b3fbf42eb3897d32f4a75baa2dc915a4ca45e8e/ogg123/remote.c#L153
https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
https://github.com/advisories/GHSA-45fh-4474-xc77