Debian Libstb vulnerabilities

47 known vulnerabilities affecting debian/libstb.

Total CVEs: 47
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 15, MEDIUM 26, LOW 4

Vulnerabilities

Page 1 of 3
CVE-2026-5186 | MEDIUM | CVSS 4.8 | 2026 | debian
libstb - A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about thi...
CVE-2026-5185 | MEDIUM | CVSS 4.8 | 2026 | debian
libstb - A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was...
CVE-2026-5313 | MEDIUM | CVSS 5.3 | 2026 | debian
libstb - A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but...
CVE-2026-5317 | MEDIUM | CVSS 5.3 | 2026 | debian
libstb - A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in...
CVE-2026-5316 | MEDIUM | CVSS 5.3 | 2026 | debian
libstb - A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any w...
CVE-2026-5315 | MEDIUM | CVSS 5.3 | 2026 | debian
libstb - A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about...
CVE-2026-5314 | MEDIUM | CVSS 5.3 | 2026 | debian
libstb - A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this dis...
CVE-2025-3409 | MEDIUM | CVSS 5.3 | 2025 | debian
libstb - A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases a...
CVE-2025-3407 | MEDIUM | CVSS 5.3 | 2025 | debian
libstb - A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continuous delivery.
CVE-2025-3408 | MEDIUM | CVSS 5.3 | 2025 | debian
libstb - A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2025-3406 | MEDIUM | CVSS 5.3 | 2025 | debian
libstb - A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delive...
CVE-2023-47212 | CRITICAL | CVSS 9.8 | 2023 | debian
libstb - A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local. Debian status: bookworm open, bullseye open, forky open, sid open, trixie open.
CVE-2023-45664 | HIGH | CVSS 7.3 | 2023 | debian
libstb - stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null poin...
CVE-2023-45679 | HIGH | CVSS 7.3 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code executi...
CVE-2023-45677 | HIGH | CVSS 7.3 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly i...
CVE-2023-45681 | HIGH | CVSS 7.3 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflo...
CVE-2023-45676 | HIGH | CVSS 7.3 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` and the negative value passes the maximum available memory buffer check.
CVE-2023-45666 | HIGH | CVSS 7.3 | 2023 | debian
libstb - stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn't give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn't do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly...
CVE-2023-45678 | MEDIUM | CVSS 6.5 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
Scope: local. Debian status: bookworm open, bullseye open, forky open, sid...
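The five stb_vorbis entries above (CVE-2023-45679, -45677, -45681, -45676 and -45678) share one root cause: lengths and counts taken from the file are used for allocation and indexing before they are bounded, and cleanup runs over pointers that were never set. The block below is an added illustration, not stb_vorbis code, of the checks those descriptions call for, applied to a simplified stand-in for a Vorbis comment packet. The packet layout (u32le vendor length, vendor bytes, u32le comment count, then count times u32le length plus bytes), the arena budget and MAX_SUBMAPS are assumptions for the demo, and the sample and hostile inputs are constructed:

```c
/* Added example, not stb_vorbis code: hardened length handling for a
 * simplified comment packet. Layout assumed here:
 *   u32le vendor_len, vendor bytes, u32le count, count x (u32le len, bytes).
 * SETUP_ARENA_BYTES and MAX_SUBMAPS are hypothetical constants. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SETUP_ARENA_BYTES 65536u  /* hypothetical setup-memory budget */
#define MAX_SUBMAPS 15            /* array capacity named in the CVE-2023-45678 text */

/* CVE-2023-45676 shape: `sz + 7` evaluated in int wraps negative for a large sz
 * and then satisfies the "fits in the arena" comparison. The wrap is modelled
 * with an unsigned add so the demo is deterministic instead of signed UB. */
static int unsafe_size_passes(int sz) {
    int rounded = (int)((unsigned)sz + 7u);
    return rounded <= (int)SETUP_ARENA_BYTES;
}

/* Hardened: unsigned size, explicit overflow check before rounding, then budget. */
static int safe_size_ok(size_t sz, size_t *rounded) {
    if (sz > SIZE_MAX - 7) return 0;
    size_t r = (sz + 7) & ~(size_t)7;
    if (r > SETUP_ARENA_BYTES) return 0;
    *rounded = r;
    return 1;
}

/* CVE-2023-45678 shape: the field encodes 1..16 submaps, the arrays hold MAX_SUBMAPS. */
static int submap_count(unsigned nibble) {
    unsigned n = (nibble & 0xF) + 1;
    return n <= MAX_SUBMAPS ? (int)n : -1;
}

struct comment_header { char *vendor; char **comments; uint32_t count; };

static int rd_u32(const uint8_t *p, size_t n, size_t *pos, uint32_t *v) {
    if (n - *pos < 4) return 0;
    *v = (uint32_t)p[*pos] | (uint32_t)p[*pos + 1] << 8 |
         (uint32_t)p[*pos + 2] << 16 | (uint32_t)p[*pos + 3] << 24;
    *pos += 4;
    return 1;
}

/* Safe on a partially built header: every pointer slot is NULL until filled. */
void free_comment_header(struct comment_header *h) {
    if (h->comments) {
        for (uint32_t i = 0; i < h->count; i++) free(h->comments[i]);
        free(h->comments);
    }
    free(h->vendor);
    memset(h, 0, sizeof *h);
}

/* Length-prefixed string: the length stays unsigned (CVE-2023-45677 read it into a
 * signed int and indexed with it) and is bounded by the bytes actually left. */
static char *rd_string(const uint8_t *p, size_t n, size_t *pos) {
    uint32_t len; size_t rounded;
    if (!rd_u32(p, n, pos, &len)) return NULL;
    if (len > n - *pos) return NULL;
    if (!safe_size_ok((size_t)len + 1, &rounded)) return NULL;
    char *s = malloc(rounded);
    if (!s) return NULL;
    memcpy(s, p + *pos, len);
    s[len] = '\0';
    *pos += len;
    return s;
}

/* 0 on success; -1 on any failure with *h fully released, so the caller's cleanup
 * never meets a dangling or uninitialized pointer (the CVE-2023-45679 problem). */
int parse_comment_header(const uint8_t *buf, size_t n, struct comment_header *h) {
    memset(h, 0, sizeof *h);
    size_t pos = 0, table, rounded;
    uint32_t count;
    if (!(h->vendor = rd_string(buf, n, &pos))) goto fail;
    if (!rd_u32(buf, n, &pos, &count)) goto fail;
    /* CVE-2023-45681 shape: count * sizeof(char*) must not wrap before allocating. */
    if (__builtin_mul_overflow((size_t)count, sizeof(char *), &table)) goto fail;
    if (!safe_size_ok(table, &rounded)) goto fail;
    if (count > (n - pos) / 4) goto fail;   /* each comment needs at least its 4-byte length */
    if (!(h->comments = calloc(count ? count : 1, sizeof(char *)))) goto fail;
    h->count = count;                       /* set before the loop so a partial table frees cleanly */
    for (uint32_t i = 0; i < count; i++)
        if (!(h->comments[i] = rd_string(buf, n, &pos))) goto fail;
    return 0;
fail:
    free_comment_header(h);
    return -1;
}

/* Constructed sample: vendor "stb", comments "A=1" and "B=22". */
static const uint8_t SAMPLE[] = {
    3,0,0,0, 's','t','b',  2,0,0,0,  3,0,0,0, 'A','=','1',  4,0,0,0, 'B','=','2','2' };
/* Constructed hostile input: vendor length 0x80000000, negative if read as int. */
static const uint8_t HOSTILE[] = { 0,0,0,0x80, 'x' };

int main(void) {
    struct comment_header h;
    int rc = parse_comment_header(SAMPLE, sizeof SAMPLE, &h);
    printf("sample: rc=%d vendor=%s comments=%u\n", rc, rc == 0 ? h.vendor : "-", h.count);
    free_comment_header(&h);
    rc = parse_comment_header(HOSTILE, sizeof HOSTILE, &h);
    printf("hostile: rc=%d, nothing allocated or written\n", rc);
    printf("sz+7 wrap passes budget: %d, 16 submaps accepted: %d\n",
           unsafe_size_passes(INT_MAX - 3), submap_count(0xF) != -1);
    return 0;
}
```

Two choices matter more than the individual checks: `h->count` is assigned before the fill loop and the table comes from `calloc`, so `free_comment_header` can run on any partially built header, and every length is compared against the bytes remaining before any allocation, which makes the arena and overflow checks a second line rather than the only one.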
CVE-2023-45667 | MEDIUM | CVSS 5.3 | 2023 | debian
libstb - stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized...
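The three stb_image GIF entries above describe two habits that a multi-frame loader needs: never hand `realloc` a size that can be zero (CVE-2023-45664, where a zero `layers * stride` lets `realloc` free the buffer that the error path then frees again), and assign every out-parameter on every exit path so a caller that goes on to flip or free the result is acting on defined values (CVE-2023-45666, CVE-2023-45667). The block below is an added illustration, not stb_image code; its frame stream (u8 width, u8 height, then frames of u16le delay plus width*height pixels) is a constructed stand-in for GIF, and the inputs are constructed:

```c
/* Added example, not stb_image code: a multi-frame loader that avoids a zero-byte
 * realloc and leaves no out-parameter undefined on failure. Frame stream format
 * assumed here: u8 width, u8 height, then frames of u16le delay + w*h pixels. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The CVE-2023-45664 shape, kept for contrast and never called: when layers * stride
 * is 0, realloc may release `out` and return NULL (implementation-defined), and the
 * error path then frees `out` a second time. */
unsigned char *grow_unsafe(unsigned char *out, size_t layers, size_t stride) {
    unsigned char *tmp = realloc(out, layers * stride);
    if (!tmp) { free(out); return NULL; }   /* double free if realloc already freed out */
    return tmp;
}

/* Hardened growth: the size is checked for zero and overflow before realloc, and on
 * failure the old pointer is left untouched so the caller frees it exactly once. */
static int grow_safe(unsigned char **out, size_t layers, size_t stride) {
    size_t need;
    if (stride == 0 || __builtin_mul_overflow(layers, stride, &need) || need == 0) return 0;
    unsigned char *tmp = realloc(*out, need);
    if (!tmp) return 0;                     /* *out still valid, still owned by caller */
    *out = tmp;
    return 1;
}

/* Returns the pixel buffer (frames * w * h bytes) or NULL. *frames, *delays, *w and *h
 * are assigned on every path, including "not our format", so the caller can test them
 * and a flip or free on the result is well defined even after failure. */
unsigned char *load_frames(const uint8_t *in, size_t n, int *frames, int **delays, int *w, int *h) {
    *frames = 0; *delays = NULL; *w = 0; *h = 0;
    unsigned char *out = NULL; int *d = NULL;
    size_t layers = 0, pos = 2, stride;
    if (n < 2 || in[0] == 0 || in[1] == 0) return NULL;   /* zero-area image rejected up front */
    stride = (size_t)in[0] * in[1];
    while (pos < n) {
        if (n - pos < 2 + stride) goto fail;              /* truncated frame */
        if (!grow_safe(&out, layers + 1, stride)) goto fail;
        int *dt = realloc(d, (layers + 1) * sizeof *d);
        if (!dt) goto fail;
        d = dt;
        d[layers] = in[pos] | in[pos + 1] << 8;
        pos += 2;
        memcpy(out + layers * stride, in + pos, stride);
        pos += stride;
        layers++;
    }
    if (layers == 0) goto fail;
    *frames = (int)layers; *delays = d; *w = in[0]; *h = in[1];
    return out;
fail:
    free(out); free(d);                                     /* each pointer freed exactly once */
    return NULL;
}

/* What a caller with a "flip vertically" flag should do: check the result before
 * touching it (the CVE-2023-45667 caller did not). Returns 1 if a flip was done. */
int flip_frames_vertically(unsigned char *px, int frames, int w, int h) {
    if (!px || frames <= 0 || w <= 0 || h <= 0) return 0;
    for (int f = 0; f < frames; f++)
        for (int y = 0; y < h / 2; y++) {
            unsigned char *a = px + (size_t)f * w * h + (size_t)y * w;
            unsigned char *b = px + (size_t)f * w * h + (size_t)(h - 1 - y) * w;
            for (int x = 0; x < w; x++) { unsigned char t = a[x]; a[x] = b[x]; b[x] = t; }
        }
    return 1;
}

/* Constructed inputs: a valid 2x2 two-frame stream and a zero-height one. */
static const uint8_t GOOD[] = { 2,2, 10,0, 1,2,3,4, 20,0, 5,6,7,8 };
static const uint8_t ZERO_AREA[] = { 2,0, 10,0 };

int main(void) {
    int frames, *delays, w, h;
    unsigned char *px = load_frames(GOOD, sizeof GOOD, &frames, &delays, &w, &h);
    printf("good: frames=%d first delay=%d\n", frames, px ? delays[0] : -1);
    flip_frames_vertically(px, frames, w, h);
    free(px); free(delays);
    px = load_frames(ZERO_AREA, sizeof ZERO_AREA, &frames, &delays, &w, &h);
    printf("zero-area: result=%p frames=%d delays=%p\n", (void *)px, frames, (void *)delays);
    free(px); free(delays);                 /* both NULL on failure: defined and harmless */
    return 0;
}
```

The zero-area rejection sits at the top of `load_frames` rather than inside `grow_safe` only, so that no code path ever computes a zero size to begin with; `grow_safe` keeps its own check as a guard against a future caller that skips the header validation.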