CVE-2018-1000050

NameCVE-2018-1000050
DescriptionSean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libstb (PTS)buster0.0~git20180212.15.e6afb9c-1fixed
bookworm, sid, bullseye0.0~git20200713.b42009b+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libstbsource(unstable)(not affected)

Notes

- libstb <not-affected> (Fixed before initial upload to Debian)
https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9
Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio

Search for package or bug name: Reporting problems