
CVE-2023-43281
https://notcve.org/view.php?id=CVE-2023-43281
24 Oct 2023 — Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. • https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac • CWE-415: Double Free •

CVE-2023-45682 – Wild address read in vorbis_decode_packet_rest in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45682
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-bounds read in the `DECODE` macro when `var` is negative. As can be seen in the definition of `DECODE_RAW`, a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729 • CWE-125: Out-of-bounds Read •

CVE-2023-45681 – Out of bounds heap buffer write in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45681
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow, an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution... • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write •

CVE-2023-45680 – Null pointer dereference in vorbis_deinit in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45680
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory allocation failure in `start_decoder`. In that case the function returns early and `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later, `vorbis_deinit` tries to dereference the `NULL` pointer. This issue may lead to denial of service. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666 • CWE-476: NULL Pointer Dereference •

CVE-2023-45679 – Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45679
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left uninitialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 • CWE-415: Double Free •

CVE-2023-45678 – Off-by-one heap buffer write in start_decoder in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45678
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079 • CWE-787: Out-of-bounds Write •

CVE-2023-45677 – Heap buffer out of bounds write in start_decoder in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45677
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that `len` read in `start_decoder` may be a negative number; `setup_malloc` successfully allocates memory in that case, but the memory write is done with the negative index `len`. Similarly, if `len` is `INT_MAX`, the integer overflow `len+1` happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = ... • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 • CWE-787: Out-of-bounds Write •

CVE-2023-45676 – Multi-byte write heap buffer overflow in start_decoder in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45676
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7`, and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656 • CWE-787: Out-of-bounds Write •

CVE-2023-45675 – 0 byte write heap buffer overflow in start_decoder in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45675
20 Oct 2023 — stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when passed to `setup_malloc`. `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in the `malloc` case, it shifts the pre-allocated buffer by zero and returns the currently available memory block. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 • CWE-787: Out-of-bounds Write •

CVE-2023-45667 – Null pointer dereference because of an uninitialized variable in stb_image
https://notcve.org/view.php?id=CVE-2023-45667
20 Oct 2023 — stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454 • CWE-476: NULL Pointer Dereference •