Lucene search
K

33 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.19 views

Fedora 40 : stb / usd (2023-58af3a2eca)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-58af3a2eca advisory. Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 Tenable has extracted the...

9.8CVSS6.8AI score0.01137EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/04/24 12:0 a.m.28 views

FreeBSD : sdl2_sound -- multiple vulnerabilities (304d92c3-00c5-11ef-bd52-080027bff743)

"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 304d92c3-00c5-11ef-bd52-080027bff743 advisory. - stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted...

7.8CVSS6.5AI score0.0056EPSS
Exploits0References7
NVD
NVD
added 2023/10/21 12:15 a.m.8 views

CVE-2023-45679

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...

7.8CVSS7.5AI score0.00522EPSS
Exploits0References3
NVD
NVD
added 2023/10/21 12:15 a.m.13 views

CVE-2023-45677

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if len read in startdecoder is a negative number and setupmalloc successfully allocates memory in that case, but memor...

7.8CVSS7.6AI score0.00536EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/10/21 12:15 a.m.22 views

CVE-2023-45676

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...

7.8CVSS7.3AI score0.00518EPSS
Exploits0References6
Prion
Prion
added 2023/10/21 12:15 a.m.12 views

Design/Logic Flaw

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...

4.4CVSS7.7AI score0.00522EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/10/21 12:0 a.m.7 views

stb_vorbis buffer error vulnerability

stbvorbis is an open source audio decoder for decoding ogg vorbis files. A security vulnerability exists in stbvorbis, which stems from a carefully crafted file that may trigger an out-of-bounds write in "f-vendorlen = char ;"...

7.8CVSS7AI score0.00759EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2023/10/20 11:27 p.m.55 views

CVE-2023-45682

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...

7.1CVSS6.7AI score0.0056EPSS
Exploits0
CVE
CVE
added 2023/10/20 11:26 p.m.63 views

CVE-2023-45679

CVE-2023-45679 affects stb_vorbis (a single-file MIT licensed library) used by SDL2_sound. A crafted Vorbis file can trigger a memory allocation failure in start_decoder, causing early return while some f->comment_list pointers remain initialized; later vorbis_deinit calls setup_free on them, ...

7.8CVSS7.4AI score0.00522EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/20 11:26 p.m.24 views

CVE-2023-45679 Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...

7.3CVSS8AI score0.00522EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/10/20 11:26 p.m.45 views

CVE-2023-45678

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...

7.8CVSS7.8AI score0.0073EPSS
Exploits0
Cvelist
Cvelist
added 2023/10/20 11:26 p.m.28 views

CVE-2023-45676 Multi-byte write heap buffer overflow in start_decoder in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...

7.3CVSS8.3AI score0.00518EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/10/20 11:26 p.m.36 views

CVE-2023-45676

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz overflows with sz+7 in and the negative...

7.8CVSS8AI score0.00518EPSS
Exploits0
Cvelist
Cvelist
added 2023/10/20 11:26 p.m.29 views

CVE-2023-45675 0 byte write heap buffer overflow in start_decoder in stb_vorbis

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if the len read in startdecoder is -1 and len + 1 becomes 0 when passed to setupmalloc. The setupmalloc behaves...

6.5CVSS9.1AI score0.00759EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2023/10/20 11:26 p.m.37 views

CVE-2023-45675

stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f-vendorlen = char'\0';. The root cause is that if the len read in startdecoder is -1 and len + 1 becomes 0 when passed to setupmalloc. The setupmalloc behaves...

7.8CVSS7.8AI score0.00759EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.12 views

PT-2023-29646 · Unknown +2 · Stb Vorbis +2

Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue is related to the processing of ogg vorbis files. A crafted file can cause a memory allocation failure in the start decoder function, leading to some pointers in f-comment list...

7.8CVSS6.5AI score0.0056EPSS
Exploits0References30
OSV
OSV
added 2019/08/15 5:15 p.m.3 views

UBUNTU-CVE-2019-13220

Use of uninitialized stack variables in the startdecoder function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...

7.1CVSS7AI score0.00985EPSS
Exploits0References3
CNVD
CNVD
added 2019/08/15 12:0 a.m.5 views

Sean Barrett stb_vorbis code issue vulnerability

Sean Barrett stbvorbis is an open source audio codec for decoding ogg vorbis files. Sean Barrett stbvorbis A code issue vulnerability exists in the 'getwindow' function in versions 2019-03-04 and earlier. The vulnerability stems from an improperly designed or implemented code development process...

5.5CVSS6.9AI score0.00961EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/08/15 12:0 a.m.8 views

PT-2019-13187 · Nothinq · Stb Vorbis

Name of the Vulnerable Software and Affected Versions: stb vorbis versions through 2019-03-04 Description: The issue is related to the use of uninitialized stack variables in the start decoder function, which can be exploited by opening a crafted Ogg Vorbis file. This can lead to a denial of...

8.8CVSS5.8AI score0.02069EPSS
Exploits5References49
CNVD
CNVD
added 2019/08/15 12:0 a.m.3 views

Sean Barrett stb_vorbis has an unspecified vulnerability

Sean Barrett stbvorbis is an open source audio codec for decoding ogg vorbis files. A security vulnerability exists in the 'lookup1values' function in Sean Barrett stbvorbis 2019-03-04 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service with the help of...

5.5CVSS6.6AI score0.00961EPSS
Exploits0References1
Rows per page
Query Builder