FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sdl2_sound -- multiple vulnerabilities

Affected packages
sdl2_sound < 2.0.2_1

Details

VuXML ID 304d92c3-00c5-11ef-bd52-080027bff743
Discovery 2023-10-20
Entry 2024-04-22

GitHub Security Lab reports:

stb_image.h and stb_vorbis libraries contain several memory access violations of different severity

  1. Wild address read in stbi__gif_load_next (GHSL-2023-145).
  2. Multi-byte read heap buffer overflow in stbi__vertical_flip (GHSL-2023-146).
  3. Disclosure of uninitialized memory in stbi__tga_load (GHSL-2023-147).
  4. Double-free in stbi__load_gif_main_outofmem (GHSL-2023-148).
  5. Null pointer dereference in stbi__convert_format (GHSL-2023-149).
  6. Possible double-free or memory leak in stbi__load_gif_main (GHSL-2023-150).
  7. Null pointer dereference because of an uninitialized variable (GHSL-2023-151).
  8. 0 byte write heap buffer overflow in start_decoder (GHSL-2023-165)
  9. Multi-byte write heap buffer overflow in start_decoder (GHSL-2023-166)
  10. Heap buffer out of bounds write in start_decoder (GHSL-2023-167)
  11. Off-by-one heap buffer write in start_decoder (GHSL-2023-168)
  12. Attempt to free an uninitialized memory pointer in vorbis_deinit (GHSL-2023-169)
  13. Null pointer dereference in vorbis_deinit (GHSL-2023-170)
  14. Out of bounds heap buffer write (GHSL-2023-171)
  15. Wild address read in vorbis_decode_packet_rest (GHSL-2023-172)
[source]

References

CVE Name CVE-2023-45676
CVE Name CVE-2023-45677
CVE Name CVE-2023-45680
CVE Name CVE-2023-45681
CVE Name CVE-2023-45682
URL https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.