8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.9%
libstb.so is vulnerable to Out-of-bounds Read. The vulnerability is caused when stbi_set_flip_vertically_on_load
is set to TRUE
and req_comp
is set to a number that does not match the real number of components per pixel, the library attempts to flip the image vertically. An attacker can craft an image file that can trigger memcpy
out-of-bounds read because bytes_per_pixel
used to calculate bytes_per_row
does not match the real image array dimensions.
CPE | Name | Operator | Version |
---|---|---|---|
libstb.so | eq | 0.0 | |
libstb.so | eq | 0.0 | |
stb:3.19 | eq | 0_git20220908-r3 | |
stb:edge | eq | 0_git20220908-r1 | |
stb:edge | eq | 0_git20220908-r0 | |
stb:edge | eq | 0_git20220908-r3 |
github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235
lists.fedoraproject.org/archives/list/[email protected]/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
lists.fedoraproject.org/archives/list/[email protected]/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
lists.fedoraproject.org/archives/list/[email protected]/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
25.9%