Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-45661
HistoryOct 21, 2023 - 12:00 a.m.

CVE-2023-45661

2023-10-2100:00:00
ubuntu.com
ubuntu.com
8
stb_image
mit
image processing
vulnerability
out of bounds
memcpy
leak
memory allocation

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

30.6%

stb_image is a single file MIT licensed library for processing images. A
crafted image file may trigger out of bounds memcpy read in
stbi__gif_load_next. This happens because two_back points to a memory
address lower than the start of the buffer out. This issue may be used to
leak internal memory allocation information.

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

0.001 Low

EPSS

Percentile

30.6%