Information on source package libstb

Available versions

ReleaseVersion
buster0.0~git20180212.15.e6afb9c-1
buster (security)0.0~git20180212.15.e6afb9c-1+deb10u1
bullseye0.0~git20200713.b42009b+ds-1
bookworm0.0~git20220908.8b5f1f3+ds-1
sid0.0~git20220908.8b5f1f3+ds-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2022-28042fixedvulnerable (no DSA)vulnerablevulnerablestb_image.h v2.27 was discovered to contain an heap-based use-after-fr ...
CVE-2022-28041fixedvulnerable (no DSA)vulnerablevulnerablestb_image.h v2.27 was discovered to contain an integer overflow via th ...
CVE-2021-42716fixedfixedvulnerablevulnerableAn issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...
CVE-2021-42715fixedvulnerable (no DSA)vulnerablevulnerableAn issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...
CVE-2021-37789fixedvulnerable (no DSA)vulnerablevulnerablestb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, lead ...
CVE-2021-28021fixedvulnerable (no DSA)fixedfixedBuffer overflow vulnerability in function stbi__extend_receive in stb_ ...
CVE-2019-20056vulnerable (no DSA)vulnerable (no DSA)fixedfixedstb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...
CVE-2019-15058vulnerable (no DSA)vulnerable (no DSA)fixedfixedstb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...

Open unimportant issues

BugbusterbullseyebookwormsidDescription
CVE-2022-28048vulnerablevulnerablevulnerablevulnerableSTB v2.27 was discovered to contain an integer shift of invalid size i ...
CVE-2022-27938vulnerablevulnerablevulnerablevulnerablestb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ...
CVE-2022-25516vulnerablevulnerablevulnerablevulnerable** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-b ...
CVE-2022-25515vulnerablevulnerablevulnerablevulnerable** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-b ...
CVE-2022-25514vulnerablevulnerablevulnerablevulnerable** DISPUTED ** stb_truetype.h v1.26 was discovered to contain a heap-b ...
CVE-2020-6623vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...
CVE-2020-6622vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...
CVE-2020-6621vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...
CVE-2020-6620vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...
CVE-2020-6619vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...
CVE-2020-6618vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...
CVE-2020-6617vulnerablevulnerablevulnerablevulnerablestb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...

Resolved issues

BugDescription
CVE-2019-13223A reachable assertion in the lookup1_values function in stb_vorbis thr ...
CVE-2019-13222An out-of-bounds read of a global buffer in the draw_line function in ...
CVE-2019-13221A stack buffer overflow in the compute_codewords function in stb_vorbi ...
CVE-2019-13220Use of uninitialized stack variables in the start_decoder function in ...
CVE-2019-13219A NULL pointer dereference in the get_window function in stb_vorbis th ...
CVE-2019-13218Division by zero in the predict_point function in stb_vorbis through 2 ...
CVE-2019-13217A heap buffer overflow in the start_decoder function in stb_vorbis thr ...
CVE-2018-1000050Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Ove ...
CVE-2018-16981stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...

Security announcements

DSA / DLADescription
DLA-3305-1libstb - security update

Search for package or bug name: Reporting problems