Skip to main content

Stb Image H CVE-2019-19777

HIGH
Out-of-bounds Read (CWE-125)
2019-12-13 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 13, 2019 - 02:15 cve.org
HIGH 8.8

DescriptionCVE.org

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.

AnalysisAI

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. Affected products include: Nothings Stb Image.H, Saitoha Libsixel.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2022-28042 HIGH POC
8.8 Apr 15

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated

CVE-2018-16981 HIGH POC
8.8 Sep 12

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__o

CVE-2021-42716 HIGH POC
7.1 Oct 21

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication

CVE-2023-43281 MEDIUM POC
6.5 Oct 25

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a cra

CVE-2022-28041 MEDIUM POC
6.5 Apr 15

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated

CVE-2019-20056 MEDIUM POC
6.5 Dec 29

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__s

CVE-2023-45666 CRITICAL
9.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2023-43898 MEDIUM POC
5.5 Oct 03

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. Rated medi

CVE-2023-45664 HIGH
8.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2023-45662 HIGH
8.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.1), this vulnerabilit

CVE-2023-45667 HIGH
7.5 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2023-45661 HIGH
7.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.1), this vulnerabilit

Share

CVE-2019-19777 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy