Stb Image.h@2.28 Security Vulnerabilities and Issues — Stb Image.h@2.28 CVE List

Lucene search

NothingsStb Image.h2.28

8 matches found

CVE•added 2023/10/03 9:15 p.m.•105 views

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

5.5CVSS6.8AI score0.00024EPSS

CVE•added 2023/10/21 12:15 a.m.•78 views

CVE-2023-45666

stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guarantees about the content of output value *delays upon failure. Although it sets *delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF ...

9.8CVSS8.3AI score0.00128EPSS

CVE•added 2023/10/21 12:15 a.m.•64 views

CVE-2023-45661

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in stbi__gif_load_next. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory a...

7.1CVSS6.5AI score0.00083EPSS

CVE•added 2023/10/21 12:15 a.m.•63 views

CVE-2023-45663

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not ...

5.5CVSS5.5AI score0.00109EPSS

CVE•added 2023/10/21 12:15 a.m.•63 views

CVE-2023-45664

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, bu...

8.8CVSS7.8AI score0.00141EPSS

CVE•added 2023/10/21 12:15 a.m.•47 views

CVE-2023-45662

stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE and req_comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger...

8.1CVSS6.9AI score0.00108EPSS

CVE•added 2023/10/21 12:15 a.m.•35 views

CVE-2023-45667

stb_image is a single file MIT licensed library for processing images. If stbi__load_gif_main in stbi_load_gif_from_memory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbi__vertical_flip_sli...

7.5CVSS6.2AI score0.00103EPSS

CVE•added 2023/10/25 6:17 p.m.•34 views

CVE-2023-43281

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

6.5CVSS7.2AI score0.00212EPSS