Nothings Stb vulnerabilities
24 known vulnerabilities affecting nothings/stb.
Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 12
Vulnerabilities
Page 2 of 2
CVE-2023-45681 | HIGH | CVSS 7.8 | CWE-787 | ≤ 1.22 | 2023-10-21
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another
cvelistv5, nvd
CVE-2023-45664 | HIGH | CVSS 8.8 | CWE-415 | ≤ 2.28 | 2023-10-21
stb_image is a single file MIT licensed library for processing images. A crafted image file can cause `stbi__load_gif_main_outofmem` to attempt to double-free the `out` variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation-defined, but it is common that realloc frees the old memory and r
cvelistv5, nvd
CVE-2023-45680 | MEDIUM | CVSS 5.5 | CWE-476 | ≤ 1.22 | 2023-10-21
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. Thi
cvelistv5, nvd
CVE-2023-45663 | MEDIUM | CVSS 5.5 | CWE-908 | ≤ 2.28 | 2023-10-21
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the
cvelistv5, nvd