9 matches found
CVE-2023-45679
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...
Fedora: Security Advisory (FEDORA-2025-82714dbb22)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2023-45679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that...
openSUSE 15 Security Update : SDL2_sound (openSUSE-SU-2025:0037-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0037-1 advisory. - Update to release 2.0.4: Update bundled stbvorbis to address CVE-2023-45676, CVE-2023-45677, CVE-2023-45679, CVE-2023-45680, CVE-2023-45681,...
Fedora 41 : libxmp (2025-23e4aeeb91)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-23e4aeeb91 advisory. Latest upstream release. Changelog: Fixes: CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit CVE-2023-45680: Null...
CVE-2023-45679 Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...
CVE-2023-45679 Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...
CVE-2023-45679 Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...
CVE-2023-45679
CVE-2023-45679 affects stb_vorbis (a single-file MIT licensed library) used by SDL2_sound. A crafted Vorbis file can trigger a memory allocation failure in start_decoder, causing early return while some f->comment_list pointers remain initialized; later vorbis_deinit calls setup_free on them, ...