5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.1 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.9%
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 10.0 | |
fedora | eq | 33 | |
fedora | eq | 34 | |
fedora | eq | 35 | |
stb_image.h | ge | 1.33 | |
stb_image.h | le | 2.27 |
github.com/nothings/stb/issues/1224
github.com/nothings/stb/pull/1223
lists.debian.org/debian-lts-announce/2023/01/msg00045.html
lists.fedoraproject.org/archives/list/[email protected]/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/
lists.fedoraproject.org/archives/list/[email protected]/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/
lists.fedoraproject.org/archives/list/[email protected]/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/
lists.fedoraproject.org/archives/list/[email protected]/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/
lists.fedoraproject.org/archives/list/[email protected]/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/
lists.fedoraproject.org/archives/list/[email protected]/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/
lists.fedoraproject.org/archives/list/[email protected]/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/
lists.fedoraproject.org/archives/list/[email protected]/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
lists.fedoraproject.org/archives/list/[email protected]/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.1 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.9%