CVE-2026-34253

High

Published: 15 May 2026

Published

15 May 2026

Modified

15 May 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Score 0.0007 22.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34253 is a high-severity Buffer Underflow (CWE-124) vulnerability in Xiph (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, ranked at the 22.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that…

can cause application crashes and potentially allow code execution.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-124

Affected Products

Xiph

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://github.com/xiph/vorbis-tools/archive/refs/tags/v1.4.3.tar.gz
cve@mitre.org
https://github.com/xiph/vorbis-tools/blob/0b3fbf42eb3897d32f4a75baa2dc915a4ca45e8e/ogg123/remote.c#L153
cve@mitre.org
https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
cve@mitre.org
https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
134c704f-9b21-4f2e-91b3-4a467353bcc0