12 matches found
EUVD-2026-18110
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
PT-2026-29674
Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.22 Description A security flaw exists in Nothings stb, specifically within the start decoder function of the stb vorbis.c file. This flaw results in an out-of-bounds write, and can be exploited remotely. The explo...
EUVD-2023-49969
Malicious code in bioql PyPI...
EUVD-2023-49972
Malicious code in bioql PyPI...
CVE-2023-45682
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in DECODE macro when var is negative. As it can be seen in the definition of DECODERAW a negative var is a valid value. This issue may be used to leak internal memory...
UBUNTU-CVE-2023-45679
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in startdecoder. In that case the function returns early, but some of the pointers in f-commentlist are left initialized and later setupfree is called on these...
CVE-2023-45678 Off-by-one heap buffer write in start_decoder in stb_vorbis
stbvorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in startdecoder because at maximum m-submaps can be 16 but submapfloor and submapresidue are declared as arrays of 15 elements. This issue may lead to code execution...
PT-2023-29648 · Unknown +2 · Stb Vorbis +2
Name of the Vulnerable Software and Affected Versions: stb vorbis affected versions not specified Description: The issue concerns a crafted file that may trigger an out of bounds read in the DECODE macro when the var is negative. According to the definition of DECODE RAW, a negative var is a vali...
SUSE CVE-2019-13222
An out-of-bounds read of a global buffer in the drawline function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file...
The vulnerability of the bark_noise_hybridmp function in the psy.c component of the Vorbis multimedia library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the barknoisehybridmp function in the psy.c component of the Vorbis multimedia library relates to the issue of writing operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and...
UBUNTU-CVE-2019-13219
A NULL pointer dereference in the getwindow function in stbvorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file...
PT-2019-13190 · Stb · Stb Vorbis
Name of the Vulnerable Software and Affected Versions: stb vorbis versions through 2019-03-04 Description: A reachable assertion in the lookup1 values function allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. Recommendations: For versions through 2019-03-04,...