PRIOn knowledge basePRION:CVE-2023-45662

HistoryOct 21, 2023 - 12:15 a.m.

Out-of-bounds

2023-10-2100:15:00

PRIOn knowledge base

www.prio-n.com

stb_image

out-of-bounds

mit licensed

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger memcpy out-of-bounds read because bytes_per_pixel used to calculate bytes_per_row doesn’t match the real image array dimensions.

CPENameOperatorVersion
stb_image.heq2.28

CPE	Name	Operator	Version
	stb_image.h	eq	2.28

References

github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h

lists.fedoraproject.org/archives/list/[email protected]/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/

lists.fedoraproject.org/archives/list/[email protected]/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/

lists.fedoraproject.org/archives/list/[email protected]/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/

securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/