CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45666 – Possible double-free or memory leak in stbi__load_gif_main in stb_image
https://notcve.org/view.php?id=CVE-2023-45666
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45664 – Double-free in stbi__load_gif_main_outofmem in stb_image
https://notcve.org/view.php?id=CVE-2023-45664
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. stb_image es una librería con licencia MIT de un solo archivo para procesar imágenes. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45663 – Disclosure of uninitialized memory in stbi__tga_load in stb_image
https://notcve.org/view.php?id=CVE-2023-45663
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer. stb_image es una librería con licencia MIT de un solo archivo para procesar imágenes. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN https://lists&# • CWE-908: Use of Uninitialized Resource •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45662 – Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image
https://notcve.org/view.php?id=CVE-2023-45662
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. stb_image es una librería con licencia MIT de un solo archivo para procesar imágenes. Cuando `stbi_set_flip_vertically_on_load` se establece en `TRUE` y `req_comp` se establece en un número que no coincide con el número real de componentes por píxel, la librería intenta voltear la imagen verticalmente. Un archivo de imagen manipulado puede provocar una lectura fuera de límites de `memcpy` porque los `bytes_per_pixel` utilizados para calcular `bytes_per_row` no coinciden con las dimensiones reales de la matriz de imágenes. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45661 – Wild address read in stbi__gif_load_next in stb_image
https://notcve.org/view.php?id=CVE-2023-45661
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information. stb_image es una librería con licencia MIT de un solo archivo para procesar imágenes. Un archivo de imagen manipulado puede provocar una lectura de memcpy fuera de límites en `stbi__gif_load_next`. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817 https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR • CWE-125: Out-of-bounds Read •