Information on source package libstb

Available versions

Release	Version
buster	0.0~git20180212.15.e6afb9c-1
buster (security)	0.0~git20180212.15.e6afb9c-1+deb10u1
bullseye	0.0~git20200713.b42009b+ds-1
bookworm	0.0~git20220908.8b5f1f3+ds-1
trixie	0.0~git20230129.5736b15+ds-1
sid	0.0~git20230129.5736b15+ds-1

Open issues

Bug	buster	bullseye	bookworm	trixie	sid	Description
CVE-2023-45682	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45681	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45680	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45679	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45678	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45677	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45676	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45675	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_vorbis is a single file MIT licensed library for processing ogg vo ...
CVE-2023-45667	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_image is a single file MIT licensed library for processing images. ...
CVE-2023-45666	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_image is a single file MIT licensed library for processing images. ...
CVE-2023-45664	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_image is a single file MIT licensed library for processing images. ...
CVE-2023-45663	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_image is a single file MIT licensed library for processing images. ...
CVE-2023-45662	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_image is a single file MIT licensed library for processing images. ...
CVE-2023-45661	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	stb_image is a single file MIT licensed library for processing images. ...
CVE-2023-43898	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Nothings stb 2.28 was discovered to contain a Null Pointer Dereference ...
CVE-2022-28042	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	stb_image.h v2.27 was discovered to contain an heap-based use-after-fr ...
CVE-2022-28041	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	stb_image.h v2.27 was discovered to contain an integer overflow via th ...
CVE-2021-42716	fixed	fixed	vulnerable (no DSA)	fixed	fixed	An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...
CVE-2021-42715	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...
CVE-2021-37789	fixed	vulnerable (no DSA)	fixed	fixed	fixed	stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, lead ...
CVE-2021-28021	fixed	vulnerable (no DSA)	fixed	fixed	fixed	Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...
CVE-2019-20056	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	fixed	stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...
CVE-2019-15058	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	fixed	stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...

Open unimportant issues

Bug	buster	bullseye	bookworm	trixie	sid	Description
CVE-2022-28048	vulnerable	vulnerable	vulnerable	fixed	fixed	STB v2.27 was discovered to contain an integer shift of invalid size i ...
CVE-2022-27938	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	stb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ...

Resolved issues

Bug	Description
CVE-2019-13223	A reachable assertion in the lookup1_values function in stb_vorbis thr ...
CVE-2019-13222	An out-of-bounds read of a global buffer in the draw_line function in ...
CVE-2019-13221	A stack buffer overflow in the compute_codewords function in stb_vorbi ...
CVE-2019-13220	Use of uninitialized stack variables in the start_decoder function in ...
CVE-2019-13219	A NULL pointer dereference in the get_window function in stb_vorbis th ...
CVE-2019-13218	Division by zero in the predict_point function in stb_vorbis through 2 ...
CVE-2019-13217	A heap buffer overflow in the start_decoder function in stb_vorbis thr ...
CVE-2018-1000050	Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Ove ...
CVE-2018-16981	stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...

Security announcements

DSA / DLA	Description
DLA-3305-1	libstb - security update