Debian Libstb vulnerabilities

47 known vulnerabilities affecting debian/libstb.

Total CVEs: 47
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 15, MEDIUM 26, LOW 4

Vulnerabilities

Page 3 of 3
CVE-2019-13222 | HIGH | CVSS 7.1 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019
CVE-2019-13222 [HIGH]: libstb - An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fix
CVE-2019-13223 | MEDIUM | CVSS 5.5 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019
CVE-2019-13223 [MEDIUM]: libstb - A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fixed in 0.0~git20190817.1.052dce1-1); sid: resolv
CVE-2019-13219 | MEDIUM | CVSS 5.5 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019
CVE-2019-13219 [MEDIUM]: libstb - A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fixed in 0.0~git20190817.1.052dce1-1); sid: resol
CVE-2019-13218 | MEDIUM | CVSS 5.5 | fixed in libstb 0.0~git20190817.1.052dce1-1 (bookworm) | 2019
CVE-2019-13218 [MEDIUM]: libstb - Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.
Scope: local; bookworm: resolved (fixed in 0.0~git20190817.1.052dce1-1); bullseye: resolved (fixed in 0.0~git20190817.1.052dce1-1); forky: resolved (fixed in 0.0~git20190817.1.052dce1-1); sid: resolved (fi
CVE-2019-20056 | LOW | CVSS 6.5 | fixed in libsixel 1.8.6-1 (bookworm) | 2019
CVE-2019-20056 [MEDIUM]: libsixel - stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
Scope: local; bookworm: resolved (fixed in 1.8.6-1); bullseye: resolved (fixed in 1.8.6-1); forky: resolved (fixed in 1.8.6-1); sid: resolved (fixed in 1.8.6-1); trixie: resolved (fixed in 1.8.6-1)
CVE-2018-16981 | HIGH | CVSS 8.8 | fixed in libstb 0.0~git20190617.5.c72a95d-1 (bookworm) | 2018
CVE-2018-16981 [HIGH]: libstb - stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
Scope: local; bookworm: resolved (fixed in 0.0~git20190617.5.c72a95d-1); bullseye: resolved (fixed in 0.0~git20190617.5.c72a95d-1); forky: resolved (fixed in 0.0~git20190617.5.c72a95d-1); sid: resolved (fixed in 0.0~git20190617.5.c
CVE-2018-1000050 | LOW | CVSS 8.8 | 2018
CVE-2018-1000050 [HIGH]: libstb - Sean Barrett stb_vorbis version 1.12 and earlier contains a buffer overflow vulnerability in all vorbis decoding paths that can result in memory corruption, denial of service, or compromised execution of the host program. This attack appears to be exploitable when a victim opens a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13. S
Debian Libstb vulnerabilities | cvebase