SDL2_sound-devel-2.0.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15704 Final 1 1 2025-01-14T00:00:00Z current 2025-01-14T00:00:00Z 2025-01-14T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z SDL2_sound-devel-2.0.4-1.1 on GA media These are all security issues fixed in the SDL2_sound-devel-2.0.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15704 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-45676/ SUSE CVE CVE-2023-45676 page https://www.suse.com/security/cve/CVE-2023-45677/ SUSE CVE CVE-2023-45677 page https://www.suse.com/security/cve/CVE-2023-45681/ SUSE CVE CVE-2023-45681 page openSUSE Tumbleweed SDL2_sound-devel-2.0.4-1.1 libSDL2_sound2-2.0.4-1.1 SDL2_sound-devel-2.0.4-1.1 as a component of openSUSE Tumbleweed libSDL2_sound2-2.0.4-1.1 as a component of openSUSE Tumbleweed stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. CVE-2023-45676 openSUSE Tumbleweed:SDL2_sound-devel-2.0.4-1.1 openSUSE Tumbleweed:libSDL2_sound2-2.0.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45676.html CVE-2023-45676 https://bugzilla.suse.com/1216478 SUSE Bug 1216478 stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. CVE-2023-45677 openSUSE Tumbleweed:SDL2_sound-devel-2.0.4-1.1 openSUSE Tumbleweed:libSDL2_sound2-2.0.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45677.html CVE-2023-45677 https://bugzilla.suse.com/1216478 SUSE Bug 1216478 stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. CVE-2023-45681 openSUSE Tumbleweed:SDL2_sound-devel-2.0.4-1.1 openSUSE Tumbleweed:libSDL2_sound2-2.0.4-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45681.html CVE-2023-45681 https://bugzilla.suse.com/1216478 SUSE Bug 1216478