CVE-2018-1000050

NameCVE-2018-1000050
DescriptionSean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libstb (PTS)buster (security), buster, buster (lts)0.0~git20180212.15.e6afb9c-1+deb10u1fixed
bullseye0.0~git20200713.b42009b+ds-1fixed
bookworm0.0~git20220908.8b5f1f3+ds-1fixed
sid, trixie0.0~git20240715.f7f20f39fe4f+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libstbsource(unstable)(not affected)

Notes

- libstb <not-affected> (Fixed before initial upload to Debian)
https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9
Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio

Search for package or bug name: Reporting problems