6.5

CVE-2023-43281

Exploit
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NothingsStb Image.H Version2.28
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.03% 0.592
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac
Third Party Advisory
Exploit
https://github.com/peccc/double-stb
Third Party Advisory
Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/