D0Razi

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.22 Description A vulnerability exists in Nothings stb up to version 1.22 related to resource allocation within the `setup free` function in the `stb vorbis.c` file. This issue is potentially exploitable remotely. The exploit is publicly available. Recommendations Versions prior to 1.22: There is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.22 Description A security flaw exists in Nothings stb, specifically within the `start decoder` function of the `stb vorbis.c` file. This flaw results in an out-of-bounds write, and can be exploited remotely. The exploit has been publicly released. Recommendations Versions prior to 1.23: There is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.26 Description A flaw exists in Nothings stb, specifically within the `stbtt buf get8` function located in the `stb truetype.h` library of the TTF File Handler component. This issue can lead to an out-of-bounds read. The vulnerability is remotely exploitable and has been publicly disclosed. The vendor was notified but did not respond. Recommendations Versions prior to 1.26 should be updated.

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 1.26 Description A flaw exists in Nothings stb, specifically within the TTF File Handler component, impacting the `stbtt InitFont internal` function in the `stb truetype.h` library. A manipulation of the function can lead to an out-of-bounds read. Remote exploitation is possible, and details of the exploit have been publicly disclosed. Attempts to contact the vendor regarding this issue were unsuccessful. Recommendations Update Nothings stb to a version newer than 1.26.

Name of the Vulnerable Software and Affected Versions Nothings stb versions up to 2.30 Description A flaw exists in Nothings stb, specifically within the GIF Decoder component, affecting the `stbi gif load next` function in the `stb image.h` library. This can lead to a denial of service. The exploit has been publicly disclosed. The vendor was informed but did not respond. Recommendations Update to a version later than 2.30.

**Name of the Vulnerable Software and Affected Versions** Nothings stb versions prior to 2.31 **Description** A flaw exists in Nothings stb up to version 2.30 related to the Multi-frame GIF File Handler component. Specifically, the issue resides within the `stbi load gif main` function of the `stb image.h` file and results in a double free condition. Local access is required for exploitation. The exploit has been publicly released. The vendor was notified but did not provide a response. **Recommendations** Update Nothings stb to version 2.31 or later. As a temporary workaround, consider restricting access to the `stbi load gif main` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** stb image versions prior to 2.31 **Description** A flaw exists in Nothings stb image, specifically within the Multi-frame GIF File Handler component. The issue resides in the `stbi gif load next` function of the `stb image.h` file and results in a heap-based buffer overflow. Exploitation requires local access. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** Update to a version prior to 2.31. As a temporary workaround, consider restricting the use of the Multi-frame GIF File Handler component until a patch is available.