
2302 matches found

NVD
added 2023/10/21 12:15 a.m., 10 views

CVE-2023-45681

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 7.8, AI score 8.7, EPSS 0.00049
Exploits 0, References 5
UbuntuCve
added 2023/10/21 12:15 a.m., 12 views

CVE-2023-45681

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 7.8, AI score 7.2, EPSS 0.00049
Exploits 0, References 5
Prion
added 2023/10/21 12:15 a.m., 11 views

Integer overflow

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 4.4, AI score 8, EPSS 0.00049
Exploits 0, References 2, Affected Software 1
CNNVD
added 2023/10/21 12:0 a.m., 4 views

stb_vorbis Input Validation Error Vulnerability

stb_vorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stb_vorbis, which stems from a crafted file that may trigger a memory write to the heap buffer allocated in "start_decoder"...

CVSS 7.8, AI score 7, EPSS 0.00049
Exploits 0, References 3
Cvelist
added 2023/10/20 11:26 p.m., 14 views

CVE-2023-45681 Out of bounds heap buffer write in stb_vorbis

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 7.3, AI score 9.2, EPSS 0.00049
Exploits 0, References 5
OSV
added 2023/10/20 11:26 p.m., 4 views

CVE-2023-45681 Out of bounds heap buffer write in stb_vorbis

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 7.3, AI score 7.8, EPSS 0.00049
Exploits 0, References 7
Debian CVE
added 2023/10/20 11:26 p.m., 30 views

CVE-2023-45681

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 7.8, AI score 7.9, EPSS 0.00049
Exploits 0
CVE
added 2023/10/20 11:26 p.m., 51 views

CVE-2023-45681

CVE-2023-45681 affects stb_vorbis, a single-file MIT licensed library for OGG Vorbis processing. A crafted file may trigger a memory write past an allocated heap buffer in start_decoder due to an integer overflow in sizeof(char*) * (f->comment_list_length), causing under-...

CVSS 7.8, AI score 7.7, EPSS 0.00049
Exploits 0, References 5, Affected Software 1
AlpineLinux
added 2023/10/20 11:26 p.m., 14 views

CVE-2023-45681

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in start_decoder. The root cause is a potential integer overflow in sizeof(char*) * (f->comment_list_length) which may make setup_malloc allocate less memory...

CVSS 7.8, AI score 8.1, EPSS 0.00049
Exploits 0, References 5
Tenable Nessus
added 2023/10/20 12:0 a.m., 20 views

Amazon Linux 2 : thunderbird (ALAS-2023-2291)

The version of thunderbird installed on the remote host is prior to 102.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2291 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds...

CVSS 8.8, AI score 8, EPSS 0.93301
Exploits 9, References 4
Tenable Nessus
added 2023/10/20 12:0 a.m., 34 views

Amazon Linux 2 : libwebp12 (ALAS-2023-2290)

The version of libwebp12 installed on the remote host is prior to 1.2.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2290 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memor...

CVSS 8.8, AI score 8, EPSS 0.93301
Exploits 9, References 4
Amazon
added 2023/10/19 12:0 a.m., 43 views

Important: libwebp12

Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-4863. Affected Packages: libwebp12. Note: This advisory is applicable to...

CVSS 8.8, AI score 8, EPSS 0.93301
Exploits 9
RedhatCVE
added 2023/10/18 12:59 a.m., 48 views

CVE-2023-45863

An out-of-bounds memory write flaw was found in the load/unload module in the Linux kernel's kobject functionality, potentially triggering a race condition in the kobject_get_path function. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...

CVSS 6.4, AI score 7, EPSS 0.00011
Exploits 0, References 3
Tenable Nessus
added 2023/10/18 12:0 a.m., 21 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-015)

The version of firefox installed on the remote host is prior to 102.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2023-015 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bound...

CVSS 8.8, AI score 8, EPSS 0.93301
Exploits 9, References 4
OSV
added 2023/10/13 11:6 a.m., 2 views

OESA-2023-1713 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to...

CVSS 8.8, AI score 8.6, EPSS 0.93301
Exploits 9, References 2
OpenVAS
added 2023/10/10 12:0 a.m., 14 views

Mageia: Security Advisory (MGASA-2023-0282)

The remote host is missing an update for the...

CVSS 8.8, AI score 9.5, EPSS 0.93301
Exploits 9, References 5
Github Security Blog
added 2023/10/06 4:59 p.m., 50 views

Bundled libwebp in pywebp vulnerable

Impact: pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches: The problem has been patched upstream in libwebp 1.3.2. pywe...

CVSS 8.8, AI score 7.3, EPSS 0.93301
Exploits 9, References 3, Affected Software 1
OSV
added 2023/10/06 4:59 p.m., 28 views

GHSA-F9PM-4G9P-6VM3 Bundled libwebp in pywebp vulnerable

Impact: pywebp versions before v0.3.0 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. The vulnerability was a heap buffer overflow which allowed a remote attacker to perform an out of bounds memory write. Patches: The problem has been patched upstream in libwebp 1.3.2. pywe...

CVSS 8.8, AI score 7.4
Exploits 0, References 3
Tenable Nessus
added 2023/10/06 12:0 a.m., 23 views

Fedora 37 : thunderbird (2023-6b5635d7d3)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6b5635d7d3 advisory. Update to 102.15.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/ ;...

CVSS 8.8, AI score 7.8, EPSS 0.93301
Exploits 9, References 2
Tenable Nessus
added 2023/10/06 12:0 a.m., 40 views

RockyLinux 8 : thunderbird (RLSA-2023:5201)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5201 advisory. libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863). Tenable has extracted the preceding description block directly from the RockyLinux security...

CVSS 8.8, AI score 8.1, EPSS 0.93301
Exploits 9, References 3