VDB
GCVE-110-MAGEIA-2024-186
GCVE-110-MAGEIA-2024-186
Advisory Published
stb_vorbis is a single file MIT licensed library for processing ogg
vorbis files. A crafted file may trigger memory write past an allocated
heap buffer in `start_decoder`. The root cause is a potential integer
overflow in `sizeof(char*) * (f->comment_list_length)` which may make
`setup_malloc` allocate less memory than required. Since there is
another integer overflow an attacker may overflow it too to force
`setup_malloc` to return 0 and make the exploit more reliable. This
issue may lead to code execution.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | stb | 0-0.git20230129.4.1.mga9 (unaffected), 0 (affected), 0 (affected), 0-0.git20230129.4.1.mga9 (unaffected) | — |
| Mageia | systemd | 0 (affected), 253.24-1.mga9 (unaffected) | — |
Aliases
References
Updated systemd packages fix bugs
advisory
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.