{"schema_version":"1.7.2","id":"OESA-2024-1410","modified":"2024-04-12T11:07:39Z","published":"2024-04-12T11:07:39Z","upstream":["CVE-2023-45675"],"summary":"stb security update","details":"Single-file public domain libraries for C/C++.\r\n\r\nSecurity Fix(es):\r\n\r\nstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f-\u0026gt;vendor[len] = (char)\u0026apos;\\0\u0026apos;;`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f-\u0026gt;alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.(CVE-2023-45675)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"stb","purl":"pkg:rpm/openEuler/stb\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20220908git8b5f1f3-0.13.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["stb_image_write-devel-1.16.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_tilemap_editor-devel-0.42.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_sprintf-devel-1.10.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_dxt-devel-1.12.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_c_lexer-devel-0.12.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_truetype-devel-1.26.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_easy_font-devel-1.1.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_image_resize-devel-0.97.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_connected_components-devel-0.96.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_ds-devel-0.67.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_voxel_render-devel-0.89.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_hexwave-devel-0.5.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_divide-devel-0.94.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_image-devel-2.27.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb-devel-0.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_leakcheck-devel-0.6.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_rect_pack-devel-1.1.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_vorbis-devel-1.22.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_perlin-devel-0.5.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_textedit-devel-1.14.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm","stb_herringbone_wang_tile-devel-0.7.20220908git8b5f1f3-0.13.oe2203sp2.aarch64.rpm"],"noarch":["stb-help-0.20220908git8b5f1f3-0.13.oe2203sp2.noarch.rpm"],"src":["stb-0.20220908git8b5f1f3-0.13.oe2203sp2.src.rpm"],"x86_64":["stb_dxt-devel-1.12.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_c_lexer-devel-0.12.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_rect_pack-devel-1.1.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_herringbone_wang_tile-devel-0.7.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_truetype-devel-1.26.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_voxel_render-devel-0.89.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_image_write-devel-1.16.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_easy_font-devel-1.1.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_hexwave-devel-0.5.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_textedit-devel-1.14.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_connected_components-devel-0.96.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_vorbis-devel-1.22.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_tilemap_editor-devel-0.42.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_perlin-devel-0.5.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_ds-devel-0.67.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_sprintf-devel-1.10.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb-devel-0.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_leakcheck-devel-0.6.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_image-devel-2.27.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_divide-devel-0.94.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm","stb_image_resize-devel-0.97.20220908git8b5f1f3-0.13.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1410"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45675"}],"database_specific":{"severity":"High"}}