Bug 1216478

Summary: VUL-0: TRACKERBUG: stb: Several memory access violations in stb_image and stb_vorbis
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Thomas Leroy <thomas.leroy>
Component: Security
Assignee: Adrian Schröter <adrian.schroeter>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   

Description Thomas Leroy 2023-10-23 07:29:00 UTC
GHSL-2023-145_GHSL-2023-151/GHSL-2023-165_GHSL-2023-172: Several memory access violations in stb_image and stb_vorbis

GHSL-2023-145 - CVE-2023-45661
GHSL-2023-146 - CVE-2023-45662
GHSL-2023-147 - CVE-2023-45663
GHSL-2023-148 - CVE-2023-45664
GHSL-2023-150 - CVE-2023-45666
GHSL-2023-151 - CVE-2023-45667
GHSL-2023-165 - CVE-2023-45675
GHSL-2023-166 - CVE-2023-45676
GHSL-2023-167 - CVE-2023-45677
GHSL-2023-168 - CVE-2023-45678
GHSL-2023-169 - CVE-2023-45679
GHSL-2023-170 - CVE-2023-45680
GHSL-2023-171 - CVE-2023-45681
GHSL-2023-172 - CVE-2023-45682

PRs (not merged yet):
https://github.com/nothings/stb/pull/1539
https://github.com/nothings/stb/pull/1541
https://github.com/nothings/stb/pull/1543
https://github.com/nothings/stb/pull/1545
https://github.com/nothings/stb/pull/1547
https://github.com/nothings/stb/pull/1549
https://github.com/nothings/stb/pull/1551
https://github.com/nothings/stb/pull/1553
https://github.com/nothings/stb/pull/1554
https://github.com/nothings/stb/pull/1555
https://github.com/nothings/stb/pull/1556
https://github.com/nothings/stb/pull/1557
https://github.com/nothings/stb/pull/1558
https://github.com/nothings/stb/pull/1559
https://github.com/nothings/stb/pull/1560


References:
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/

Comment 1 Thomas Leroy 2023-10-23 07:34:02 UTC
Factory and Backports affected