27 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 3 views

Astra Linux - vulnerability in libstb

STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in start_decoder. The root cause of this issue is a potential integer overflow in sizeof(char*) * (f->comment_list_length), which may...

7.8 CVSS · 7.4 AI score · 0.00049 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/04/02 6:2 a.m. · 1 view

CVE-2026-5317

A flaw was found in Nothings stb, a library used for processing audio. A remote attacker can exploit a vulnerability involving an out-of-bounds write within the start_decoder function. This issue could allow an attacker to cause the application to crash, disclose sensitive information, or corrupt...

7.5 CVSS · 6.6 AI score · 0.00021 EPSS
Exploits 1 · References 7
OSV
added 2026/04/02 1:16 a.m. · 3 views

UBUNTU-CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

8.8 CVSS · 5.3 AI score · 0.00021 EPSS
Exploits 1 · References 6
ATTACKERKB
added 2026/04/02 12:45 a.m. · 2 views

CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

7.5 CVSS · 5.5 AI score · 0.00021 EPSS
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2026/04/02 12:45 a.m. · 1 view

CVE-2026-5317 Nothings stb stb_vorbis.c start_decoder out-of-bounds write

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

7.5 CVSS · 6.2 AI score · 0.00021 EPSS
Exploits 1 · References 4
Cvelist
added 2026/04/02 12:45 a.m. · 26 views

CVE-2026-5317 Nothings stb stb_vorbis.c start_decoder out-of-bounds write

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

7.5 CVSS · 0.00021 EPSS
Exploits 1 · References 4
Positive Technologies
added 2026/04/02 12:0 a.m. · 2 views

PT-2026-29674

Name of the Vulnerable Software and Affected Versions: Nothings stb versions up to 1.22 Description: A security flaw exists in Nothings stb, specifically within the start_decoder function of the stb_vorbis.c file. This flaw results in an out-of-bounds write, and can be exploited remotely. The explo...

8.8 CVSS · 6.3 AI score · 0.00021 EPSS
Exploits 1 · References 14
Positive Technologies
added 2023/11/15 12:0 a.m. · 2 views

PT-2023-9143 · Unknown +2 · Stb Vorbis.C +2

Name of the Vulnerable Software and Affected Versions: stb_vorbis.c version 1.22 Description: A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file ...

10 CVSS · 7.8 AI score · 0.00273 EPSS
Exploits 1 · References 33
SUSE CVE
added 2023/10/24 12:59 a.m. · 0 views

SUSE CVE-2023-45680

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to...

5.3 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 4
Snyk
added 2023/10/21 12:51 a.m. · 1 view

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the start_decoder function, an attacker can execute arbitrary code by exploiting an integer overflow that leads to memory write past an allocated heap buffer. This is due to the potential integer overflow in...

7.8 CVSS · 7.8 AI score · 0.00049 EPSS
Exploits 0 · References 2
Snyk
added 2023/10/21 12:50 a.m. · 2 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the start_decoder function, an attacker can trigger memory allocation failure with a specially crafted file. This causes the function to return early, leaving some pointers in f->comment_list initialized. Later, setup_free is...

7.8 CVSS · 7.2 AI score · 0.00051 EPSS
Exploits 0 · References 2
Snyk
added 2023/10/21 12:50 a.m. · 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write when processing ogg vorbis files with the f->vendor[len] = (char)'\0'; function. An attacker can trigger an out-of-bounds write by crafting a file that causes the len read in start_decoder to be -1, and len + 1 to become 0...

7.8 CVSS · 7 AI score · 0.00087 EPSS
Exploits 0 · References 2
Snyk
added 2023/10/21 12:50 a.m. · 1 view

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference when the start_decoder function processes a specially crafted file, it may trigger a memory allocation failure. An attacker can cause a denial of service by exploiting this failure. This is because the function...

5.5 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 2
OSV
added 2023/10/21 12:15 a.m. · 3 views

DEBIAN-CVE-2023-45678

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

7.8 CVSS · 7.2 AI score · 0.00092 EPSS
Exploits 0 · References 1
OSV
added 2023/10/21 12:15 a.m. · 1 view

DEBIAN-CVE-2023-45680

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to...

5.5 CVSS · 5.5 AI score · 0.00022 EPSS
Exploits 0 · References 1
OSV
added 2023/10/21 12:15 a.m. · 2 views

UBUNTU-CVE-2023-45678

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

7.8 CVSS · 6 AI score · 0.00092 EPSS
Exploits 0 · References 7
OSV
added 2023/10/21 12:15 a.m. · 0 views

UBUNTU-CVE-2023-45679

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, but some of the pointers in f->comment_list are left initialized and later setup_free is called on these...

7.8 CVSS · 5.9 AI score · 0.00051 EPSS
Exploits 0 · References 7
CNNVD
added 2023/10/21 12:0 a.m. · 2 views

stb_vorbis Code Issue Vulnerability

stb_vorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stb_vorbis, which stems from a well-designed file that may trigger a memory allocation failure in "start_decoder"...

5.5 CVSS · 6.8 AI score · 0.00022 EPSS
Exploits 0 · References 5
CNNVD
added 2023/10/21 12:0 a.m. · 4 views

stb_vorbis Input Validation Error Vulnerability

stb_vorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stb_vorbis, which stems from a well-designed file that may trigger a memory write to the heap buffer allocated in "start_decoder"...

7.8 CVSS · 7 AI score · 0.00049 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/10/20 12:0 a.m. · 2 views

PT-2023-29645

Name of the Vulnerable Software and Affected Versions: stb_vorbis affected versions not specified Description: The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of buffer write in the start_decoder function. This occurs because the maximum value of...

7.8 CVSS · 7.1 AI score · 0.00092 EPSS
Exploits 0 · References 19