CVE-2023-45663 Disclosure of uninitialized memory in stbi__tga_load in stb_image

2023-10-2023:26:13

CWE-908

GitHub_M

github.com

cve-2023-45663

stb_image

memory disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the stbi__hdr_load function and in the stbi__tga_load function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:nothings:stb_image:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nothings",
    "product": "stb_image",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.28"
      }
    ],
    "defaultStatus": "unknown"
  }
]