SB2025011433 - Fedora 40 update for SDL2_sound

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025011433

SB2025011433 - Fedora 40 update for SDL2_sound

Published: January 14, 2025

Security Bulletin ID SB2025011433
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 83% Medium 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2023-45676)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.


2) Out-of-bounds write (CVE-ID: CVE-2023-45677)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write and lead to code execution.


3) Double free (CVE-ID: CVE-2023-45679)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.


4) Double free (CVE-ID: CVE-2023-45679)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.


5) NULL pointer dereference (CVE-ID: CVE-2023-45680)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.


6) Out-of-bounds read (CVE-ID: CVE-2023-45682)

The vulnerability allows a remote non-authenticated attacker to read data or crash the application.

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.


Remediation

Install update from vendor's website.

References