SUSE CVE-2023-45664

stbimage is a single file MIT licensed library for processing images. A crafted image file can trigger stbiloadgifmainoutofmem attempt to double-free the out variable. This happens in stbiloadgifmain because when the layers stride value is zero the behavior is implementation defined, but common...

Astra Linux - уязвимость в libstb

STBVorbis is a single-file library licensed under the MIT license, designed for processing OGG Vorbis files. A properly crafted file may trigger an out-of-bounds read in the DECODE macro when var is negative. As can be seen in the definition of DECODERAW, a negative value for var is still a valid...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detection when STB is unavailable Loading the amdpmc module with the option amdpmc enablestb=1 may result in the following messages in the kernel ring buffer: amdpmc AMDI0009:00: SMU cmd failed. err: 0xff...

Astra Linux - уязвимость в libstb

There is a heap-based buffer overflow vulnerability in the comment functionality of stbvorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в libstb

stbvorbis is a single-file library licensed under the MIT license, designed for processing OGG Vorbis files. A properly crafted file may cause a memory allocation failure in the startdecoder function. In such cases, the function returns early, but some of the pointers in f-commentlist remain...

Astra Linux - уязвимость в libstb

Buffer overflow vulnerability in the function stbiextendreceive in stbimage.h in stb 2.26, caused by a crafted JPEG file...

Astra Linux - уязвимость в libstb

stbimage is a single file MIT licensed library for processing images. It may look like stbiloadgifmain doesn’t give guarantees about the content of output value delays upon failure. Although it sets delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a...

Astra Linux - уязвимость в libstb

STBVorbis is a single-file library licensed under MIT, designed for processing OGG Vorbis files. A properly crafted file may cause a memory allocation failure in the startdecoder function. In such cases, the function returns early; f-commentlist is set to NULL, but f-commentlistlength is not rese...

Astra Linux - уязвимость в libstb

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

Astra Linux - уязвимость в libstb

STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in startdecoder. The root cause of this issue is a potential integer overflow in sizeofchar f-commentlistlength, which may...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fixed a memory leak in amdpmcstbdebugfsopenv2. The function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism is enabled. When amdpmcsendcmd fails, the ‘buf’ variable needs to be released...

Astra Linux - уязвимость в libstb

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if len read in startdecoder is a negative number and setupmalloc successfully allocates memory in that case, but memor...

Astra Linux - уязвимость в libstb

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbiconvertformat. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted pic file...

[SECURITY] Fedora 44 Update: stb-0^20260313git904aa67-2.fc44

Single-file public domain libraries for C/C++...

[SECURITY] Fedora 42 Update: stb-0^20260313git904aa67-2.fc42

Single-file public domain libraries for C/C++...

[SECURITY] Fedora 43 Update: stb-0^20260313git904aa67-2.fc43

Single-file public domain libraries for C/C++...

Fedora 42 : stb (2026-651e3129a9)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-651e3129a9 advisory. Fix access/use of uninitialized memory in stbimage Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...

SUSE CVE-2026-5313

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

SUSE CVE-2026-5316

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-5313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decode...