6 matches found
EUVD-2026-18110
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
EUVD-2023-49969
Malicious code in bioql PyPI...
EUVD-2023-49972
Malicious code in bioql PyPI...
CVE-2023-45682
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...
CVE-2023-45678 Off-by-one heap buffer write in start_decoder in stb_vorbis
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...
UBUNTU-CVE-2019-13219
A NULL pointer dereference in the getwindow function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file...