Описание
Security update for SDL2_sound
This update for SDL2_sound fixes the following issues:
-
Update to release 2.0.4:
- Update bundled stb_vorbis to address CVE-2023-45676, CVE-2023-45677, CVE-2023-45679, CVE-2023-45680, CVE-2023-45681, CVE-2023-45682.
-
Update to release 2.0.2
- No further changes from the last snapshot 2.0.1+g60
Список пакетов
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2025:0037-1
- SUSE Security Ratings
- SUSE Bug 1216478
- SUSE CVE CVE-2023-45676 page
- SUSE CVE CVE-2023-45677 page
- SUSE CVE CVE-2023-45679 page
- SUSE CVE CVE-2023-45680 page
- SUSE CVE CVE-2023-45681 page
- SUSE CVE CVE-2023-45682 page
Описание
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.
Затронутые продукты
Ссылки
- CVE-2023-45676
- SUSE Bug 1216478
Описание
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.
Затронутые продукты
Ссылки
- CVE-2023-45677
- SUSE Bug 1216478
Описание
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.
Затронутые продукты
Ссылки
- CVE-2023-45679
- SUSE Bug 1216478
Описание
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.
Затронутые продукты
Ссылки
- CVE-2023-45680
- SUSE Bug 1216478
Описание
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.
Затронутые продукты
Ссылки
- CVE-2023-45681
- SUSE Bug 1216478
Описание
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.
Затронутые продукты
Ссылки
- CVE-2023-45682
- SUSE Bug 1216478