CVE-2026-34253HIGH 8.2EPSS p38.1%

CVE-2026-34253CVE-2026-34253

Description

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause application crashes and potentially allow code execution.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS0.49% probability of exploitation · percentile 38.1% · 2026-06-19T12:03:05Z
Published2026-05-15
Last modified2026-05-18

Underlying weaknesses· 1

CWE-124

References

  1. https://github.com/xiph/vorbis-tools/archive/refs/tags/v1.4.3.tar.gz
  2. https://github.com/xiph/vorbis-tools/blob/0b3fbf42eb3897d32f4a75baa2dc915a4ca45e8e/ogg123/remote.c#L153
  3. https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
  4. https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332

1

TypeTargetConfidenceTier
WeaknessBuffer Underwrite ('Buffer Underflow')cwe-1240%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-36937
CVE
CVE-2025-29963
CVE
CVE-2026-48574
CVE
CVE-2025-53131
CVE
CVE-2025-29964
CVE
CVE-2025-29962
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.