UBUNTU-CVE-2025-3407

Source
https://ubuntu.com/security/CVE-2025-3407
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-3407.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-3407
Related
Published
2025-04-08T04:15:00Z
Modified
2025-04-23T14:53:38Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhwbuildtilesetfromimage. The manipulation of the argument hcount/vcount leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Ubuntu:20.04:LTS / libstb

Package

Name
libstb
Purl
pkg:deb/ubuntu/libstb@0.0~git20190817.1.052dce1-1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20190817.1.052dce1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / libstb

Package

Name
libstb
Purl
pkg:deb/ubuntu/libstb@0.0~git20210910.af1a5bc+ds-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20200713.b42009b+ds-1
0.0~git20210910.af1a5bc+ds-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libstb

Package

Name
libstb
Purl
pkg:deb/ubuntu/libstb@0.0~git20240715.f7f20f39fe4f+ds-1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20230129.5736b15+ds-1.2
0.0~git20240715.f7f20f39fe4f+ds-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / libstb

Package

Name
libstb
Purl
pkg:deb/ubuntu/libstb@0.0~git20230129.5736b15+ds-1.2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20230129.5736b15+ds-1
0.0~git20230129.5736b15+ds-1.1
0.0~git20230129.5736b15+ds-1.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / libstb

Package

Name
libstb
Purl
pkg:deb/ubuntu/libstb@0.0~git20240715.f7f20f39fe4f+ds-1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20240715.f7f20f39fe4f+ds-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}