7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
54.4%
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
github.com/nothings/stb/issues/1166
github.com/nothings/stb/issues/1225
github.com/nothings/stb/pull/1223
lists.fedoraproject.org/archives/list/[email protected]/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/
lists.fedoraproject.org/archives/list/[email protected]/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/
lists.fedoraproject.org/archives/list/[email protected]/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/
lists.fedoraproject.org/archives/list/[email protected]/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/
lists.fedoraproject.org/archives/list/[email protected]/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/
lists.fedoraproject.org/archives/list/[email protected]/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/
lists.fedoraproject.org/archives/list/[email protected]/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/
lists.fedoraproject.org/archives/list/[email protected]/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
lists.fedoraproject.org/archives/list/[email protected]/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.1 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
54.4%