SUSE Package Hub - openSUSE-2025-39

Update Info

openSUSE-2025-39

Security update for stb

Type: security

Severity: important

Issued: 2025-01-31

Description:

This update for stb fixes the following issues:

Addressing the follow security issues (boo#1216478):

* CVE-2019-13217: heap buffer overflow in start_decoder()
* CVE-2019-13218: stack buffer overflow in compute_codewords()
* CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest()
* CVE-2019-13220: out-of-range read in draw_line()
* CVE-2019-13221: issue with large 1D codebooks in lookup1_values()
* CVE-2019-13222: unchecked NULL returned by get_window()
* CVE-2019-13223: division by zero in predict_point()

References

CVE: CVE-2019-13223
CVE: CVE-2019-13222
CVE: CVE-2019-13221
CVE: CVE-2019-13220
CVE: CVE-2019-13219
CVE: CVE-2019-13218
CVE: CVE-2019-13217
Bugzilla: 1216478 VUL-0: TRACKERBUG: stb: Several memory access violations in stb_image and stb_vorbis

Packages

stb-20240910-bp156.2.3.1