The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2023-45662 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. | -- | Oct 20, 2023 |
CVE-2022-27938 | stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. | MEDIUM | Mar 26, 2022 |
CVE-2019-15058 | stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service. | MEDIUM | Aug 23, 2019 |
CVE-2019-19777 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | MEDIUM | Dec 13, 2019 |
CVE-2019-20056 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | MEDIUM | Jan 8, 2020 |
CVE-2021-37789 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. | -- | Nov 3, 2022 |
CVE-2022-28042 | stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | MEDIUM | Apr 15, 2022 |
CVE-2022-28041 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Apr 15, 2022 |
CVE-2022-25516 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. | MEDIUM | Mar 17, 2022 |
CVE-2022-25515 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. | MEDIUM | Mar 17, 2022 |
CVE-2022-25514 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. | MEDIUM | Mar 17, 2022 |
CVE-2023-45679 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | -- | Oct 20, 2023 |
CVE-2023-45680 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service. | -- | Oct 20, 2023 |
CVE-2023-45681 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | -- | Oct 20, 2023 |
CVE-2023-45682 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. | -- | Oct 20, 2023 |
CVE-2023-45676 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. | -- | Oct 20, 2023 |
CVE-2023-45675 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)\'\\0\';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. | -- | Oct 20, 2023 |
CVE-2023-45677 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)\'\\0\';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | -- | Oct 20, 2023 |
CVE-2023-45678 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. | -- | Oct 20, 2023 |
CVE-2010-4687 | STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | Medium | Jan 19, 2011 |
CVE-2014-3088 | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. | Medium | Jul 2, 2014 |
CVE-2023-31854 | std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem. | -- | Mar 27, 2024 |
CVE-2018-11236 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | MEDIUM | May 25, 2018 |
CVE-2017-14554 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908. | Medium | Sep 20, 2017 |
CVE-2017-14550 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8. | Medium | Sep 19, 2017 |
CVE-2017-14688 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917. | MEDIUM | Sep 22, 2017 |
CVE-2017-14551 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2. | Medium | Sep 19, 2017 |
CVE-2017-14689 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e. | MEDIUM | Sep 22, 2017 |
CVE-2017-14555 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e. | Medium | Sep 20, 2017 |
CVE-2017-14546 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d. | Medium | Sep 19, 2017 |
CVE-2017-14545 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332. | Medium | Sep 19, 2017 |
CVE-2017-14543 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335. | Medium | Sep 19, 2017 |
CVE-2017-14544 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1. | Medium | Sep 19, 2017 |
CVE-2017-14303 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047. | MEDIUM | Sep 11, 2017 |
CVE-2017-14304 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0. | MEDIUM | Sep 11, 2017 |
CVE-2017-14310 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869. | MEDIUM | Sep 11, 2017 |
CVE-2017-14308 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd. | MEDIUM | Sep 11, 2017 |
CVE-2017-14306 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10. | MEDIUM | Sep 11, 2017 |
CVE-2017-14309 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8. | MEDIUM | Sep 11, 2017 |
CVE-2017-14691 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a. | MEDIUM | Sep 22, 2017 |
CVE-2017-14307 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402. | MEDIUM | Sep 11, 2017 |
CVE-2017-14302 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7. | MEDIUM | Sep 11, 2017 |
CVE-2017-14305 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578. | MEDIUM | Sep 11, 2017 |
CVE-2017-14547 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0. | Medium | Sep 19, 2017 |
CVE-2017-14565 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065. | Medium | Sep 20, 2017 |
CVE-2017-14576 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281. | Medium | Sep 21, 2017 |
CVE-2017-14569 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5. | Medium | Sep 21, 2017 |
CVE-2017-14562 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d. | Medium | Sep 20, 2017 |
CVE-2017-14560 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2. | Medium | Sep 20, 2017 |
CVE-2017-14564 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657. | Medium | Sep 20, 2017 |