42 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in libstb

stb_vorbis is a single-file MIT licensed library for processing OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write vulnerability in the line f->vendor[len] = (char)'\0';. The root cause of this issue is that if len read from start_decoder is -1, then len + 1 becomes 0 when...

7.8 CVSS, 7.6 AI score, 0.00087 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in libstb

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

7.8 CVSS, 7.8 AI score, 0.00092 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/03 12:0 a.m., 0 views

Linux Distros Unpatched Vulnerability : CVE-2026-5317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in...

8.8 CVSS, 6.1 AI score, 0.00021 EPSS
Exploits: 1, References: 3
EUVD
added 2026/04/02 3:31 a.m., 0 views

EUVD-2026-18114

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

7.5 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits: 1, References: 5
OSV
added 2026/04/02 1:16 a.m., 2 views

DEBIAN-CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

8.8 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits: 1, References: 1
NVD
added 2026/04/02 1:16 a.m., 1 views

CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

8.8 CVSS, 0.00021 EPSS
Exploits: 1, References: 4
UbuntuCve
added 2026/04/02 1:16 a.m., 1 views

CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

8.8 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits: 1, References: 5
Snyk
added 2026/04/02 12:45 a.m., 1 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write via the start_decoder function. An attacker can cause application crashes, disclose sensitive information, or corrupt data by supplying specially crafted audio files to applications utilizing the affected library...

8.8 CVSS, 6.6 AI score, 0.00021 EPSS
Exploits: 1, References: 2
Debian CVE
added 2026/04/02 12:45 a.m., 3 views

CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The...

8.8 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits: 1
CVE
added 2026/04/02 12:45 a.m., 5 views

CVE-2026-5317

CVE-2026-5317 affects Nothings stb up to 1.22; vulnerable area is start_decoder in stb_vorbis.c. The issue is an out-of-bounds write caused by manipulation of data, with potential for remote execution. Public exploit exists; vendor was contacted early but did not respond. Metrics indicate exploit...

8.8 CVSS, 6.2 AI score, 0.00021 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/04/02 12:0 a.m., 3 views

stb buffer error vulnerability

STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds write operation in the start_decoder function found in the file stb_vorbis.c, which could lead to remote...

8.8 CVSS, 6.7 AI score, 0.00021 EPSS
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-4733

Malware in sbrugna...

7.1 CVSS, 6.7 AI score, 0.00159 EPSS
Exploits: 0, References: 6
Veracode
added 2023/10/26 9:33 a.m., 13 views

Out-of-bounds Write

libstb.so is vulnerable to Out-of-bounds Write. The vulnerability exists because the maximum number of submaps allowed in the start_decoder function is 16, but submap_floor and submap_residue are declared as arrays of 15 elements. This allows an attacker to cause an out-of-bounds write in memory with a crafted...

7.8 CVSS, 7 AI score, 0.00092 EPSS
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2023/10/26 7:53 a.m., 9 views

Double Free

libstb.so is vulnerable to Double Free. The vulnerability exists because the start_decoder function in the stb_vorbis.c file does not initialize the memory allocated for f->comment_list. This allows an attacker to craft a file that triggers an early return in the function, leading to setup_free being called on the...

7.8 CVSS, 7.4 AI score, 0.00051 EPSS
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2023/10/26 6:0 a.m., 10 views

Denial Of Service (DoS)

libstb.so is vulnerable to Denial Of Service. The vulnerability is due to the start_decoder function's processing of a specially crafted file, leading to a memory allocation failure due to the function returning early, setting f->comment_list to NULL, but f->comment_list_length is not reset. An attacke...

5.5 CVSS, 7 AI score, 0.00022 EPSS
Exploits: 0, References: 3, Affected Software: 1
SUSE CVE
added 2023/10/24 12:59 a.m., 0 views

SUSE CVE-2023-45678

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

7.8 CVSS, 7.8 AI score, 0.00092 EPSS
Exploits: 0, References: 3
Snyk
added 2023/10/21 12:51 a.m., 1 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the start_decoder function. An attacker can trigger an out-of-buffer write and potentially execute arbitrary code by providing a specially crafted file. This is only exploitable if m->submaps exceeds the array limit...

7.8 CVSS, 7.8 AI score, 0.00092 EPSS
Exploits: 0, References: 2
OSV
added 2023/10/21 12:15 a.m., 1 views

DEBIAN-CVE-2023-45679

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, but some of the pointers in f->comment_list are left initialized and later setup_free is called on these...

7.8 CVSS, 7.5 AI score, 0.00051 EPSS
Exploits: 0, References: 1
NVD
added 2023/10/21 12:15 a.m., 9 views

CVE-2023-45680

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, the f->comment_list is set to NULL, but f->comment_list_length is not reset. Later in vorbis_deinit it tries to...

5.5 CVSS, 5.2 AI score, 0.00022 EPSS
Exploits: 0, References: 3
Prion
added 2023/10/21 12:15 a.m., 13 views

Code injection

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in start_decoder because at maximum m->submaps can be 16 but submap_floor and submap_residue are declared as arrays of 15 elements. This issue may lead to code execution...

4.4 CVSS, 7.8 AI score, 0.00092 EPSS
Exploits: 0, References: 3, Affected Software: 1