Lucene search

[email protected]CVE-2023-43898

HistoryOct 03, 2023 - 9:15 p.m.

CVE-2023-43898

2023-10-0321:15:10

CWE-476

[email protected]

web.nvd.nist.gov

cve-2023

stb 2.28

null pointer dereference

dos

pic file

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

Affected configurations

NVD

Node

nothingsstb_image.hMatch2.28

CPENameOperatorVersion
nothings:stb_image.hnothings stb image.heq2.28

CPE	Name	Operator	Version
nothings:stb_image.h	nothings stb image.h	eq	2.28

References

github.com/nothings/stb/issues/1452

github.com/nothings/stb/pull/1454

github.com/peccc/null-stb

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for CVE-2023-43898

ubuntucve1 debiancve1 veracode1 nvd1 alpinelinux1 cvelist1 prion1 fedora3 openvas3