Debian Libstb vulnerabilities

47 known vulnerabilities affecting debian/libstb.

Total CVEs: 47
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 15, MEDIUM 26, LOW 4

Vulnerabilities

Page 2 of 3
CVE-2023-45680 | MEDIUM | CVSS 5.3 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead
CVE-2023-45675 | MEDIUM | CVSS 6.5 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that the `len` read in `start_decoder` can be `-1`, so `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocat
CVE-2023-45682 | MEDIUM | CVSS 5.3 | 2023 | debian
libstb - stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As can be seen in the definition of `DECODE_RAW`, a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.
Scope: local; bookworm: open; bullseye: o
CVE-2023-45661 | MEDIUM | CVSS 6.5 | 2023 | debian
libstb - stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because `two_back` points to a memory address lower than the start of the buffer `out`. This issue may be used to leak internal memory allocation information.
Scope: local; bookworm: open; bullseye: open
CVE-2023-45663 | MEDIUM | CVSS 5.3 | 2023 | debian
libstb - stb_image is a single file MIT licensed library for processing images. The `stbi__getn` function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: in the `stbi__hdr_load` function and in the `stbi__tga_load
CVE-2023-43898 | MEDIUM | CVSS 5.5 | 2023 | debian
libstb - Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2023-45662 | MEDIUM | CVSS 6.5 | 2023 | debian
libstb - stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to
CVE-2022-28042 | HIGH | CVSS 8.8 | fixed in libstb 0.0~git20200713.b42009b+ds-1+deb11u1 (bullseye) | 2022 | debian
libstb - stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.
Scope: local; bookworm: open; bullseye: resolved (fixed in 0.0~git20200713.b42009b+ds-1+deb11u1); forky: resolved (fixed in 0.0~git20230129.5736b15+ds-1); sid: resolved (fixed in 0.0~git20230129.5736b15+ds-1); trixie: resolved (fixed in 0.0~git20230129.5736b15
CVE-2022-28041 | MEDIUM | CVSS 6.5 | fixed in libstb 0.0~git20200713.b42009b+ds-1+deb11u1 (bullseye) | 2022 | debian
libstb - stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Scope: local; bookworm: open; bullseye: resolved (fixed in 0.0~git20200713.b42009b+ds-1+deb11u1); forky: resolved (fixed in 0.0~git20230129.5736b15+ds-1); sid: r
CVE-2022-27938 | LOW (entry text lists it as MEDIUM) | CVSS 5.5 | 2022 | debian
libstb - stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2022-28048 | LOW (entry text lists it as HIGH) | CVSS 8.8 | fixed in libstb 0.0~git20230129.5736b15+ds-1 (forky) | 2022 | debian
libstb - STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 0.0~git20230129.5736b15+ds-1); sid: resolved (fixed in 0.0~git20230129.5736b15+ds-1); trixie: resolved (fixed in 0.0~git20230129.5736b15+ds-1)
CVE-2021-28021 | HIGH | CVSS 7.8 | fixed in libstb 0.0~git20220908.8b5f1f3+ds-1 (bookworm) | 2021 | debian
libstb - Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
Scope: local; bookworm: resolved (fixed in 0.0~git20220908.8b5f1f3+ds-1); bullseye: resolved (fixed in 0.0~git20200713.b42009b+ds-1+deb11u1); forky: resolved (fixed in 0.0~git20220908.8b5f1f3+ds-1); sid: resolved (fixed in 0.0~git20220908.8b5f1f3+ds-1); trixi
CVE-2021-42716 | HIGH | CVSS 7.1 | fixed in libstb 0.0~git20230129.5736b15+ds-1 (forky) | 2021 | debian
libstb - An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over
CVE-2021-37789 | HIGH | CVSS 8.1 | fixed in libstb 0.0~git20210910.af1a5bc+ds-1 (bookworm) | 2021 | debian
libstb - stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.
Scope: local; bookworm: resolved (fixed in 0.0~git20210910.af1a5bc+ds-1); bullseye: resolved (fixed in 0.0~git20200713.b42009b+ds-1+deb11u1); forky: resolved (fixed in 0.0~git20210910.af1a5bc+ds-1); sid: resolved (fixed in 0.0~git20210910.af1a5bc+ds-1
CVE-2021-45340 | MEDIUM | CVSS 6.5 | fixed in libsixel 1.10.5-1 (forky) | 2021 | debian
libsixel - In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DoS) via a crafted PICT file.
Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 1.10.5-1); sid: resolved (fixed in 1.10.5-1); trixie: resolved (fixed in 1.10.5-1)
CVE-2021-42715 | MEDIUM | CVSS 5.5 | fixed in libstb 0.0~git20200713.b42009b+ds-1+deb11u1 (bullseye) | 2021 | debian
libstb - An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
Scope: local; bookworm: open; bullseye: resolved (fixed in 0.0~git20200713.b420
CVE-2019-15058 | CRITICAL | CVSS 9.1 | fixed in libstb 0.0~git20210910.af1a5bc+ds-1 (bookworm) | 2019 | debian
libstb - stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
Scope: local; bookworm: resolved (fixed in 0.0~git20210910.af1a5bc+ds-1); bullseye: open; forky: resolved (fixed in 0.0~git20210910.af1a5bc+ds-1); sid: resolved (fixed in 0.0~git20210910.af1a5bc+ds-1); trixie: resolve
CVE-2019-13220 | HIGH | CVSS 7.1 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019 | debian
libstb - Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fix
CVE-2019-13221 | HIGH | CVSS 7.8 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019 | debian
libstb - A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fixed in 0.0~git2019
CVE-2019-13217 | HIGH | CVSS 7.8 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019 | debian
libstb - A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fixed in 0.0~git20190817.