Nothings

Stb Image.H

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-43281

Exploit
  • EPSS 0.21%
  • Veröffentlicht 25.10.2023 18:17:31
  • Zuletzt bearbeitet 21.11.2024 08:23:56

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

8.8

CVE-2023-45664

  • EPSS 0.14%
  • Veröffentlicht 21.10.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:27:10

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` v...

9.8

CVE-2023-45666

  • EPSS 0.13%
  • Veröffentlicht 21.10.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:27:10

stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it d...

7.5

CVE-2023-45667

  • EPSS 0.1%
  • Veröffentlicht 21.10.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:27:10

stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertica...

7.1

CVE-2023-45661

  • EPSS 0.08%
  • Veröffentlicht 21.10.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 08:27:09

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer ou...

8.1

CVE-2023-45662

  • EPSS 0.11%
  • Veröffentlicht 21.10.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 08:27:09

stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip...

5.5

CVE-2023-45663

  • EPSS 0.11%
  • Veröffentlicht 21.10.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 08:27:10

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. Th...

5.5

CVE-2023-43898

Exploit
  • EPSS 0.02%
  • Veröffentlicht 03.10.2023 21:15:10
  • Zuletzt bearbeitet 17.06.2025 16:15:23

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

6.5

CVE-2022-28041

Exploit
  • EPSS 0.92%
  • Veröffentlicht 15.04.2022 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:56:39

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

8.8

CVE-2022-28042

Exploit
  • EPSS 0.38%
  • Veröffentlicht 15.04.2022 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:56:40

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.