CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. • https://github.com/nothings/stb/issues/1178 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. • https://github.com/nothings/stb/issues/1293 https://github.com/nothings/stb/pull/1297 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R • CWE-682: Incorrect Calculation

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. • https://github.com/nothings/stb/issues/1108 https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY https://lists.fedoraproject.org/archives/list/package-ann • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. • http://nothings.org/stb_vorbis https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 https://github.com/nothings/stb/commits/master/stb_vorbis.c https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html • CWE-617: Reachable Assertion

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. • http://nothings.org/stb_vorbis https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 https://github.com/nothings/stb/commits/master/stb_vorbis.c https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html • CWE-476: NULL Pointer Dereference