7 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-28042

https://notcve.org/view.php?id=CVE-2022-28042

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Se ha detectado que stb_image.h versión v2.27, contenía un uso de memoria previamente liberada en la región heap de la memoria por medio de la función stbi__jpeg_huff_decode • https://github.com/nothings/stb/issues/1289 https://github.com/nothings/stb/pull/1297 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-28041

https://notcve.org/view.php?id=CVE-2022-28041

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Se ha detectado que stb_image.h versión v2.27, contiene un desbordamiento de enteros por medio de la función stbi__jpeg_decode_block_prog_dc. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de vectores no especificados • https://github.com/nothings/stb/issues/1292 https://github.com/nothings/stb/pull/1297 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G6JJJQ5JABTPF5H2L5FQGLILYLIGPW6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52ZIQAFEG7A6TO526OJ7OA4GSEZQ2WEG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https: • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 2

CVE-2021-42716

https://notcve.org/view.php?id=CVE-2021-42716

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. Se ha detectado un problema en stb stb_image.h versión 2.27. El cargador de PNM interpretaba incorrectamente los archivos PGM de 16 bits como de 8 bits cuando los convertía a RGBA, conllevando a un desbordamiento del búfer cuando se reinterpreta posteriormente el resultado como un búfer de 16 bits. • https://github.com/nothings/stb/issues/1166 https://github.com/nothings/stb/issues/1225 https://github.com/nothings/stb/pull/1223 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY https://lists.fedoraproject.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-42715

https://notcve.org/view.php?id=CVE-2021-42715

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. Se ha detectado un problema en stb stb_image.h versiones 1.33 hasta 2.27. El cargador HDR analizaba líneas de exploración RLE truncadas al final del archivo como una secuencia infinita de ejecuciones de longitud cero. • https://github.com/nothings/stb/issues/1224 https://github.com/nothings/stb/pull/1223 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-20056

https://notcve.org/view.php?id=CVE-2019-20056

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. stb_image.h (también se conoce como stb image loader) versión 2.23, como es usado en libsixel y otros productos, tiene un fallo de aserción en stbi__shiftsigned. • https://github.com/saitoha/libsixel/issues/126 • CWE-617: Reachable Assertion •