[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

EUVD-2023-49968

Malicious code in bioql PyPI...

EUVD-2023-49969

Malicious code in bioql PyPI...

EUVD-2023-49953

Malicious code in bioql PyPI...

CVE-2023-45676

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...

stb: Multiple Vulnerabilities

Background A set of single-file public domain or MIT licensed libraries for C/C++ Description Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is ...

Fedora 39 : stb (2024-4c8d4cda0d)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4c8d4cda0d advisory. Security fix for CVE-2023-45681 / CVE-2023-47212 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 40 : stb / usd (2023-58af3a2eca)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-58af3a2eca advisory. Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 Tenable has extracted the...

Fedora 39 : stb / usd (2023-def2f95af4)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-def2f95af4 advisory. Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281 ---- A new...

Fedora 38 : stb / usd (2023-d486d13cfd)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d486d13cfd advisory. Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281 Tenable has...

Fedora 37 : stb / usd (2023-a93c06a1d9)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a93c06a1d9 advisory. Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281 Tenable has...

CVE-2023-45677

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if len read in startdecoder is a negative number and setupmalloc successfully allocates memory in that case, but memor...

CVE-2023-45664

stbimage is a single file MIT licensed library for processing images. A crafted image file can trigger stbiloadgifmainoutofmem attempt to double-free the out variable. This happens in stbiloadgifmain because when the layers stride value is zero the behavior is implementation defined, but common...

CVE-2023-45678

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

CVE-2023-45680

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, the f-commentlist is set to NULL, but f-commentlistlength is not reset. Later in vorbisdeinit it tries to...

CVE-2023-45663

stbimage is a single file MIT licensed library for processing images. The stbigetn function reads a specified number of bytes from context typically a file into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

CVE-2023-45661

stbimage is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbigifloadnext. This happens because twoback points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory...

CVE-2023-45662

stbimage is a single file MIT licensed library for processing images. When stbisetflipverticallyonload is set to TRUE and reqcomp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memc...

CVE-2023-45667

stbimage is a single file MIT licensed library for processing images. If stbiloadgifmain in stbiloadgiffrommemory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbiverticalflipslices with th...

CVE-2023-45677

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if len read in startdecoder is a negative number and setupmalloc successfully allocates memory in that case, but memor...