stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in start_decoder. In that case the function returns early, but some of the pointers in f->comment_list are left initialized and later setup_free is called on these pointers in vorbis_deinit. This issue may lead to code execution.
The product calls free() twice on the same memory address.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Stb_vorbis.c | Nothings | 1.22 (including) | 1.22 (including) |
| Libstb | Ubuntu | bionic | * |
| Libstb | Ubuntu | focal | * |
| Libstb | Ubuntu | lunar | * |
| Libstb | Ubuntu | mantic | * |
| Libstb | Ubuntu | oracular | * |
| Libstb | Ubuntu | trusty | * |
| Libstb | Ubuntu | xenial | * |