Debian LTS: DLA-3305-1: libstb security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3305-1                [email protected]
https://www.debian.org/lts/security/        Adrian Bunk 
January 31, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libstb
Version        : 0.0~git20180212.15.e6afb9c-1+deb10u1
CVE ID         : CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 
                 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223 
                 CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 
                 CVE-2022-28042
Debian Bug     : 934966 1014530 1023693 1014531 1014532

Several vulnerabilities have been fixed in the libstb library.

CVE-2018-16981

    Heap-based buffer overflow in stbi__out_gif_code().

CVE-2019-13217

    Heap buffer overflow in the Vorbis start_decoder().

CVE-2019-13218

    Division by zero in the Vorbis predict_point().

CVE-2019-13219

    NULL pointer dereference in the Vorbis get_window().

CVE-2019-13220

    Uninitialized stack variables in the Vorbis start_decoder().

CVE-2019-13221

    Buffer overflow in the Vorbis compute_codewords().

CVE-2019-13222

    Out-of-bounds read of a global buffer in the Vorbis draw_line().

CVE-2019-13223

    Reachable assertion in the Vorbis lookup1_values().

CVE-2021-28021

    Buffer overflow in stbi__extend_receive().

CVE-2021-37789

    Heap-based buffer overflow in stbi__jpeg_load().

CVE-2021-42715

    The HDR loader parsed truncated end-of-file RLE scanlines as an 
    infinite sequence of zero-length runs.

CVE-2022-28041

    Integer overflow in stbi__jpeg_decode_block_prog_dc().

CVE-2022-28042

    Heap-based use-after-free in stbi__jpeg_huff_decode().

For Debian 10 buster, these problems have been fixed in version
0.0~git20180212.15.e6afb9c-1+deb10u1.

We recommend that you upgrade your libstb packages.

For the detailed security status of libstb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libstb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3305-1: libstb security update

January 31, 2023
Several vulnerabilities have been fixed in the libstb library

Summary

CVE-2018-16981

Heap-based buffer overflow in stbi__out_gif_code().

CVE-2019-13217

Heap buffer overflow in the Vorbis start_decoder().

CVE-2019-13218

Division by zero in the Vorbis predict_point().

CVE-2019-13219

NULL pointer dereference in the Vorbis get_window().

CVE-2019-13220

Uninitialized stack variables in the Vorbis start_decoder().

CVE-2019-13221

Buffer overflow in the Vorbis compute_codewords().

CVE-2019-13222

Out-of-bounds read of a global buffer in the Vorbis draw_line().

CVE-2019-13223

Reachable assertion in the Vorbis lookup1_values().

CVE-2021-28021

Buffer overflow in stbi__extend_receive().

CVE-2021-37789

Heap-based buffer overflow in stbi__jpeg_load().

CVE-2021-42715

The HDR loader parsed truncated end-of-file RLE scanlines as an
infinite sequence of zero-length runs.

CVE-2022-28041

Integer overflow in stbi__jpeg_decode_block_prog_dc().

CVE-2022-28042

Heap-based use-after-free in stbi__jpeg_huff_decode().

For Debian 10 buster, these problems have been fixed in version
0.0~git20180212.15.e6afb9c-1+deb10u1.

We recommend that you upgrade your libstb packages.

For the detailed security status of libstb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libstb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : libstb
Version : 0.0~git20180212.15.e6afb9c-1+deb10u1
CVE ID : CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219
Debian Bug : 934966 1014530 1023693 1014531 1014532

Related News

Citrix Fixes Severe Flaws in Workspace, Virtual Apps and Desktops

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

Open Source 2022 Wins and Losses

Many WordPress Plugin Flaws Leveraged by Novel Linux Malware

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy