Filtered by vendor Nothings
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45678 | 1 Nothings | 1 Stb Vorbis.c | 2023-10-26 | 7.8 High |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. | ||||
| CVE-2023-45677 | 1 Nothings | 1 Stb Vorbis.c | 2023-10-26 | 7.8 High |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | ||||
| CVE-2023-45676 | 1 Nothings | 1 Stb Vorbis.c | 2023-10-26 | 7.8 High |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. | ||||
| CVE-2018-16981 | 2 Debian, Nothings | 2 Debian Linux, Stb Image.h | 2023-02-28 | 8.8 High |
| stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | ||||
| CVE-2020-6622 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. | ||||
| CVE-2020-6621 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. | ||||
| CVE-2020-6620 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. | ||||
| CVE-2020-6619 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. | ||||
| CVE-2020-6618 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. | ||||
| CVE-2020-6623 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. | ||||
| CVE-2020-6617 | 1 Nothings | 1 Stb Truetype.h | 2020-01-10 | 8.8 High |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. | ||||
| CVE-2019-20056 | 1 Nothings | 1 Stb Image.h | 2020-01-08 | 6.5 Medium |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | ||||
| CVE-2019-19777 | 2 Libsixel Project, Nothings | 2 Libsixel, Stb Image.h | 2019-12-18 | 8.8 High |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | ||||