Debian LTS: DLA-3305-1: libstb security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3305-1                [email protected]
https://www.debian.org/lts/security/        Adrian Bunk 
January 31, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libstb
Version        : 0.0~git20180212.15.e6afb9c-1+deb10u1
CVE ID         : CVE-2018-16981 CVE-2019-13217 CVE-2019-13218 CVE-2019-13219 
                 CVE-2019-13220 CVE-2019-13221 CVE-2019-13222 CVE-2019-13223 
                 CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 
                 CVE-2022-28042
Debian Bug     : 934966 1014530 1023693 1014531 1014532

Several vulnerabilities have been fixed in the libstb library.

CVE-2018-16981

    Heap-based buffer overflow in stbi__out_gif_code().

CVE-2019-13217

    Heap buffer overflow in the Vorbis start_decoder().

CVE-2019-13218

    Division by zero in the Vorbis predict_point().

CVE-2019-13219

    NULL pointer dereference in the Vorbis get_window().

CVE-2019-13220

    Uninitialized stack variables in the Vorbis start_decoder().

CVE-2019-13221

    Buffer overflow in the Vorbis compute_codewords().

CVE-2019-13222

    Out-of-bounds read of a global buffer in the Vorbis draw_line().

CVE-2019-13223

    Reachable assertion in the Vorbis lookup1_values().

CVE-2021-28021

    Buffer overflow in stbi__extend_receive().

CVE-2021-37789

    Heap-based buffer overflow in stbi__jpeg_load().

CVE-2021-42715

    The HDR loader parsed truncated end-of-file RLE scanlines as an 
    infinite sequence of zero-length runs.

CVE-2022-28041

    Integer overflow in stbi__jpeg_decode_block_prog_dc().

CVE-2022-28042

    Heap-based use-after-free in stbi__jpeg_huff_decode().

For Debian 10 buster, these problems have been fixed in version
0.0~git20180212.15.e6afb9c-1+deb10u1.

We recommend that you upgrade your libstb packages.

For the detailed security status of libstb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libstb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

What Are You Looking For?

Popular Tags

Debian LTS: DLA-3305-1: libstb security update

Summary

Linux Kernel Vulnerabilities in Ubuntu Let Hackers Launch DOS Attack & Execute Arbitrary Code

Citrix Fixes Severe Flaws in Workspace, Virtual Apps and Desktops

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

Open Source 2022 Wins and Losses

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More

Verifying Linux Server Security: What Every Admin Needs to Know

What Linux, Windows & Mac OS Users Need to Know About VPNs

Complete Guide to Vulnerability Basics

How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

What Are You Looking For?

Popular Tags

Debian LTS: DLA-3305-1: libstb security update

Summary

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By