Cyber Resilience

CVE-2026-34253

HighUpdated

Published: 15 May 2026

Published
15 May 2026
Modified
30 June 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score 0.0052 40.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-34253 is a high-severity Buffer Underflow (CWE-124) vulnerability in Xiph (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 40.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that…

more

can cause application crashes and potentially allow code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer underflow enables arbitrary code execution via crafted input to client utility (ogg123), directly mapping to client-side exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-62786Shared CWE-124
CVE-2025-27439Shared CWE-124
CVE-2025-53101Shared CWE-124
CVE-2023-25610Shared CWE-124
CVE-2026-0966Shared CWE-124
CVE-2025-27440Shared CWE-124

Affected Assets

Xiph
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References