Filtered by vendor Nothings Subscriptions
Filtered by product Stb Image.h Subscriptions
Total 15 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-45667 1 Nothings 1 Stb Image.h 2024-11-21 5.3 Medium
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
CVE-2023-45666 1 Nothings 1 Stb Image.h 2024-11-21 7.3 High
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
CVE-2023-45664 1 Nothings 1 Stb Image.h 2024-11-21 7.3 High
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
CVE-2023-45663 1 Nothings 1 Stb Image.h 2024-11-21 5.3 Medium
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
CVE-2023-45662 1 Nothings 1 Stb Image.h 2024-11-21 6.5 Medium
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.
CVE-2023-45661 1 Nothings 1 Stb Image.h 2024-11-21 6.5 Medium
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.
CVE-2023-43898 1 Nothings 1 Stb Image.h 2024-11-21 5.5 Medium
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
CVE-2023-43281 1 Nothings 1 Stb Image.h 2024-11-21 6.5 Medium
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
CVE-2022-28042 3 Debian, Fedoraproject, Nothings 3 Debian Linux, Fedora, Stb Image.h 2024-11-21 8.8 High
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
CVE-2022-28041 3 Debian, Fedoraproject, Nothings 3 Debian Linux, Fedora, Stb Image.h 2024-11-21 6.5 Medium
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2021-42716 2 Fedoraproject, Nothings 2 Fedora, Stb Image.h 2024-11-21 7.1 High
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
CVE-2021-42715 3 Debian, Fedoraproject, Nothings 3 Debian Linux, Fedora, Stb Image.h 2024-11-21 5.5 Medium
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
CVE-2019-20056 1 Nothings 1 Stb Image.h 2024-11-21 6.5 Medium
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
CVE-2019-19777 2 Libsixel Project, Nothings 2 Libsixel, Stb Image.h 2024-11-21 8.8 High
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2018-16981 2 Debian, Nothings 2 Debian Linux, Stb Image.h 2024-11-21 8.8 High
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.