openSUSE-SU-2025:0039-1

Published: 31 Jan. 2025
Source: suse-cvrf

Description

Security update for stb

This update for stb fixes the following issues:

Addressing the following security issues (boo#1216478):

  • CVE-2019-13217: heap buffer overflow in start_decoder()
  • CVE-2019-13218: stack buffer overflow in compute_codewords()
  • CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest()
  • CVE-2019-13220: out-of-range read in draw_line()
  • CVE-2019-13221: issue with large 1D codebooks in lookup1_values()
  • CVE-2019-13222: unchecked NULL returned by get_window()
  • CVE-2019-13223: division by zero in predict_point()

Package list

SUSE Package Hub 15 SP6
stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6
stb-devel-20240910-bp156.2.3.1

Description

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References

Description

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References

Description

A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References

Description

Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References

Description

A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References

Description

An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References

Description

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.


Affected products
SUSE Package Hub 15 SP6:stb-devel-20240910-bp156.2.3.1
openSUSE Leap 15.6:stb-devel-20240910-bp156.2.3.1

References