CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43281
https://notcve.org/view.php?id=CVE-2023-43281
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. Vulnerabilidad de Double Free en Nothings Stb Image.h v.2.28 permite a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo manipulado en la función stbi_load_gif_main. • https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac https://github.com/peccc/double-stb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45682 – Wild address read in vorbis_decode_packet_rest in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45682
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. stb_vorbis es una librería de archivo único con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede desencadenar una lectura fuera de límites en la macro `DECODE` cuando `var` es negativo. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45681 – Out of bounds heap buffer write in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45681
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. stb_vorbis es una librería de archivo único con licencia MIT para procesar archivos ogg vorbis. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45680 – Null pointer dereference in vorbis_deinit in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45680
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service. stb_vorbis es una librería de archivo único con licencia MIT para procesar archivos ogg vorbis. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45679 – Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45679
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. stb_vorbis es una librería de archivo único con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede provocar una falla en la asignación de memoria en `start_decoder`. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-415: Double Free •