All the vulnerabilites related to nothings - stb
cve-2023-45675
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 13:40
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45675",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:33:00.443922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:40:37.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f-\u003evendor[len] = (char)\u0027\\0\u0027;`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f-\u003ealloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:45.989Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-53w8-p2pg-5wm5",
"discovery": "UNKNOWN"
},
"title": "0 byte write heap buffer overflow in start_decoder in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45675",
"datePublished": "2023-10-20T23:26:45.989Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-09-12T13:40:37.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45678
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 13:37
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45678",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:32:11.839626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:37:04.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m-\u003esubmaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:51.139Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760"
}
],
"source": {
"advisory": "GHSA-98rv-c7x9-93fh",
"discovery": "UNKNOWN"
},
"title": "Off-by-one heap buffer write in start_decoder in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45678",
"datePublished": "2023-10-20T23:26:51.139Z",
"dateReserved": "2023-10-10T14:36:40.862Z",
"dateUpdated": "2024-09-12T13:37:04.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45667
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 15:02
Severity ?
EPSS score ?
Summary
stb_image is a single file MIT licensed library for processing images.
If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb_image",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45667",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:07:34.956717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:02:29.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_image is a single file MIT licensed library for processing images.\n\nIf `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:44.376Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-3952-fwf8-f9mj",
"discovery": "UNKNOWN"
},
"title": "Null pointer dereference because of an uninitialized variable in stb_image"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45667",
"datePublished": "2023-10-20T23:26:44.376Z",
"dateReserved": "2023-10-10T14:36:40.860Z",
"dateUpdated": "2024-09-12T15:02:29.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45661
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 16:02
Severity ?
EPSS score ?
Summary
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb_image",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45661",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:27:05.813760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:39.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:08.605Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-hhff-9hgq-wrvv",
"discovery": "UNKNOWN"
},
"title": "Wild address read in stbi__gif_load_next in stb_image"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45661",
"datePublished": "2023-10-20T23:26:08.605Z",
"dateReserved": "2023-10-10T14:36:40.859Z",
"dateUpdated": "2024-09-12T16:02:39.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45682
Vulnerability from cvelistv5
Published
2023-10-20 23:27
Modified
2024-09-12 13:35
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45682",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:31:21.743789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:35:19.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:27:04.879Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231"
}
],
"source": {
"advisory": "GHSA-g5xp-8x5v-6cmv",
"discovery": "UNKNOWN"
},
"title": "Wild address read in vorbis_decode_packet_rest in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45682",
"datePublished": "2023-10-20T23:27:04.879Z",
"dateReserved": "2023-10-10T14:36:40.862Z",
"dateUpdated": "2024-09-12T13:35:19.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45680
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-11 20:22
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45680",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:21:33.219201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T20:22:52.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f-\u003ecomment_list` is set to `NULL`, but `f-\u003ecomment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:54.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215"
}
],
"source": {
"advisory": "GHSA-6w3h-6hpf-r29c",
"discovery": "UNKNOWN"
},
"title": "Null pointer dereference in vorbis_deinit in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45680",
"datePublished": "2023-10-20T23:26:54.394Z",
"dateReserved": "2023-10-10T14:36:40.862Z",
"dateUpdated": "2024-09-11T20:22:52.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45666
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 15:32
Severity ?
EPSS score ?
Summary
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb_image",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45666",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:07:55.124467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:32:56.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn\u2019t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn\u2019t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn\u2019t fail or to a double-free if the `delays` is always freed"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:42.620Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-7wj3-p7j4-9qvq",
"discovery": "UNKNOWN"
},
"title": "Possible double-free or memory leak in stbi__load_gif_main in stb_image"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45666",
"datePublished": "2023-10-20T23:26:42.620Z",
"dateReserved": "2023-10-10T14:36:40.860Z",
"dateUpdated": "2024-09-12T15:32:56.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45664
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 15:33
Severity ?
EPSS score ?
Summary
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb_image",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45664",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:20:19.089300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:33:45.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first \u201cfree\u201d, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:40.320Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-9gqr-x96c-h5h5",
"discovery": "UNKNOWN"
},
"title": "Double-free in stbi__load_gif_main_outofmem in stb_image"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45664",
"datePublished": "2023-10-20T23:26:40.320Z",
"dateReserved": "2023-10-10T14:36:40.860Z",
"dateUpdated": "2024-09-12T15:33:45.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45677
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 13:37
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45677",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:32:26.696444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:37:51.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f-\u003evendor[len] = (char)\u0027\\0\u0027;`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f-\u003evendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f-\u003ecomment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:49.582Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961"
}
],
"source": {
"advisory": "GHSA-q8jf-6894-c69h",
"discovery": "UNKNOWN"
},
"title": "Heap buffer out of bounds write in start_decoder in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45677",
"datePublished": "2023-10-20T23:26:49.582Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-09-12T13:37:51.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45681
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45681",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:47:31.312814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:56:42.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f-\u003ecomment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:56.100Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBIPXOBWUHPAH4QHMVP2AWWAPDDZDQ66/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WRORYQ2Z2XXHPX36JHBUSDVY6IOMW2N/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4/"
}
],
"source": {
"advisory": "GHSA-hf9g-qhfr-fc24",
"discovery": "UNKNOWN"
},
"title": "Out of bounds heap buffer write in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45681",
"datePublished": "2023-10-20T23:26:56.100Z",
"dateReserved": "2023-10-10T14:36:40.862Z",
"dateUpdated": "2024-08-02T20:29:31.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45676
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 13:38
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45676",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:32:47.392211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:38:48.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f-\u003evendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:47.709Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960"
}
],
"source": {
"advisory": "GHSA-mqff-rm74-7wxf",
"discovery": "UNKNOWN"
},
"title": "Multi-byte write heap buffer overflow in start_decoder in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45676",
"datePublished": "2023-10-20T23:26:47.709Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-09-12T13:38:48.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45662
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 15:36
Severity ?
EPSS score ?
Summary
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb_image",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45662",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:23:52.495554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:36:24.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn\u2019t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn\u2019t match the real image array dimensions. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:11.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-v9xx-v7cm-9337",
"discovery": "UNKNOWN"
},
"title": "Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45662",
"datePublished": "2023-10-20T23:26:11.578Z",
"dateReserved": "2023-10-10T14:36:40.860Z",
"dateUpdated": "2024-09-12T15:36:24.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45679
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 13:36
Severity ?
EPSS score ?
Summary
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45679",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T13:31:37.004301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:36:24.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f-\u003ecomment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:52.650Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215"
}
],
"source": {
"advisory": "GHSA-8pj7-fw93-rcgv",
"discovery": "UNKNOWN"
},
"title": "Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45679",
"datePublished": "2023-10-20T23:26:52.650Z",
"dateReserved": "2023-10-10T14:36:40.862Z",
"dateUpdated": "2024-09-12T13:36:24.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45663
Vulnerability from cvelistv5
Published
2023-10-20 23:26
Modified
2024-09-12 15:34
Severity ?
EPSS score ?
Summary
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stb_image",
"vendor": "nothings",
"versions": [
{
"lessThanOrEqual": "2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45663",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:20:34.630531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:34:30.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stb",
"vendor": "nothings",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908: Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T23:26:13.834Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20"
},
{
"name": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/"
}
],
"source": {
"advisory": "GHSA-rgcq-r36w-57xh",
"discovery": "UNKNOWN"
},
"title": "Disclosure of uninitialized memory in stbi__tga_load in stb_image"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45663",
"datePublished": "2023-10-20T23:26:13.834Z",
"dateReserved": "2023-10-10T14:36:40.860Z",
"dateUpdated": "2024-09-12T15:34:30.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}