Published: 21/10/2023 Updated: 04/11/2023

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 0

stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nothings stb image.h 2.28

Debian Bug report logs - #1054911 libstb: CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-45676 CVE-2023-45677 CVE-2023-45678 CVE-2023-45679 CVE-2023-45680 CVE-2023-45681 CVE-2023-45682 Package: libstb; Maintainer for libstb is Yangfl <mmyangfl@gmailcom>; Repo ...

CWE-125 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022 https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054911 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-45661

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect