Metric | Value |
---|---|
CVSS3 | 7.8 High |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
AI Score | 7.5 High |
Confidence | Low |
EPSS | 0.001 Low |
Percentile | 28.3% |

GitHub Security Lab reports:
stb_image.h and stb_vorbis libraries contain several memory access violations of different severity:
Wild address read in stbi__gif_load_next (GHSL-2023-145).
Multi-byte read heap buffer overflow in stbi__vertical_flip (GHSL-2023-146).
Disclosure of uninitialized memory in stbi__tga_load (GHSL-2023-147).
Double-free in stbi__load_gif_main_outofmem (GHSL-2023-148).
Null pointer dereference in stbi__convert_format (GHSL-2023-149).
Possible double-free or memory leak in stbi__load_gif_main (GHSL-2023-150).
Null pointer dereference because of an uninitialized variable (GHSL-2023-151).
0 byte write heap buffer overflow in start_decoder (GHSL-2023-165).
Multi-byte write heap buffer overflow in start_decoder (GHSL-2023-166).
Heap buffer out of bounds write in start_decoder (GHSL-2023-167).
Off-by-one heap buffer write in start_decoder (GHSL-2023-168).
Attempt to free an uninitialized memory pointer in vorbis_deinit (GHSL-2023-169).
Null pointer dereference in vorbis_deinit (GHSL-2023-170).
Out of bounds heap buffer write (GHSL-2023-171).
Wild address read in vorbis_decode_packet_rest (GHSL-2023-172).

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | sdl2_sound | < 2.0.2_1 | UNKNOWN |