Lucene search

[email protected]CVE-2023-43281

HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-43281

2023-10-2518:17:31

CWE-415

[email protected]

web.nvd.nist.gov

cve-2023-43281

double free vulnerability

nothings stb image.h

denial of service

stbi_load_gif_main

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

Affected configurations

NVD

Node

nothingsstb_image.hMatch2.28

CPENameOperatorVersion
nothings:stb_image.hnothings stb image.heq2.28

CPE	Name	Operator	Version
nothings:stb_image.h	nothings stb image.h	eq	2.28

References

gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac

github.com/peccc/double-stb

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2023-43281

debiancve1 prion1 veracode1 ubuntucve1 nvd1 cvelist1 nessus3 fedora6 openvas6