author Dmitry Marakasov <amdmi3@FreeBSD.org> 2024-04-22 16:39:15 +0000
committer Dmitry Marakasov <amdmi3@FreeBSD.org> 2024-04-22 18:20:02 +0000
commit a8b170fac8cbc8afc03645ea2a4a3de1f24e5699
tree 4510c12847dbc9910498e92e98933d41f067a8e7
parent e81005b3efa4f70e0819a3391597069340aec9de
security/vuxml: document sdl2_sound vulns
PR: 278491
-rw-r--r-- security/vuxml/vuln/2024.xml 47
1 files changed, 47 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 1532c5caabbb..571f786f78be 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,50 @@
+ <vuln vid="304d92c3-00c5-11ef-bd52-080027bff743">
+ <topic>sdl2_sound -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>sdl2_sound</name>
+ <range><lt>2.0.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitHub Security Lab reports:</p>
+ <blockquote cite="https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/">
+ <p>stb_image.h and stb_vorbis libraries contain several memory access violations of different severity</p>
+ <ol>
+ <li>Wild address read in stbi__gif_load_next (GHSL-2023-145).</li>
+ <li>Multi-byte read heap buffer overflow in stbi__vertical_flip (GHSL-2023-146).</li>
+ <li>Disclosure of uninitialized memory in stbi__tga_load (GHSL-2023-147).</li>
+ <li>Double-free in stbi__load_gif_main_outofmem (GHSL-2023-148).</li>
+ <li>Null pointer dereference in stbi__convert_format (GHSL-2023-149).</li>
+ <li>Possible double-free or memory leak in stbi__load_gif_main (GHSL-2023-150).</li>
+ <li>Null pointer dereference because of an uninitialized variable (GHSL-2023-151).</li>
+ <li>0 byte write heap buffer overflow in start_decoder (GHSL-2023-165)</li>
+ <li>Multi-byte write heap buffer overflow in start_decoder (GHSL-2023-166)</li>
+ <li>Heap buffer out of bounds write in start_decoder (GHSL-2023-167)</li>
+ <li>Off-by-one heap buffer write in start_decoder (GHSL-2023-168)</li>
+ <li>Attempt to free an uninitialized memory pointer in vorbis_deinit (GHSL-2023-169)</li>
+ <li>Null pointer dereference in vorbis_deinit (GHSL-2023-170)</li>
+ <li>Out of bounds heap buffer write (GHSL-2023-171)</li>
+ <li>Wild address read in vorbis_decode_packet_rest (GHSL-2023-172)</li>
+ </ol>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-45676</cvename>
+ <cvename>CVE-2023-45677</cvename>
+ <cvename>CVE-2023-45680</cvename>
+ <cvename>CVE-2023-45681</cvename>
+ <cvename>CVE-2023-45682</cvename>
+ <url>https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/</url>
+ </references>
+ <dates>
+ <discovery>2023-10-20</discovery>
+ <entry>2024-04-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9bed230f-ffc8-11ee-8e76-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
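Review bot: The blockquote cite attribute and the only <url> under <references> both point at the stb_image_h advisory, whose URL names GHSL-2023-145 through GHSL-2023-151, but list items 8 to 15 carry GHSL-2023-165 through GHSL-2023-172 and name start_decoder, vorbis_deinit and vorbis_decode_packet_rest, which fall outside the range in that URL. Please add the advisory those items are quoted from as a second <url> and give them their own blockquote with a matching cite, or trim the quote to what the cited page actually says. Two related checks: the fifteen listed issues are backed by five <cvename> entries, so confirm that every listed issue that has a CVE is referenced; and since the entry is for sdl2_sound while items 1 to 7 are stbi__ image-loading functions, confirm those seven apply to this package before listing them under it. Minor style point: items 8 to 15 and the sentence ahead of the <ol> lack the trailing period that items 1 to 7 have.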