Skip to main content

Stb Image H CVE-2023-43281

MEDIUM
Double Free (CWE-415)
2023-10-25 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 25, 2023 - 18:17 nvd
MEDIUM 6.5

DescriptionNVD

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

AnalysisAI

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-415. Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. Affected products include: Nothings Stb Image.H.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-19777 HIGH POC
8.8 Dec 13

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read i

CVE-2022-28042 HIGH POC
8.8 Apr 15

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated

CVE-2018-16981 HIGH POC
8.8 Sep 12

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__o

CVE-2021-42716 HIGH POC
7.1 Oct 21

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication

CVE-2022-28041 MEDIUM POC
6.5 Apr 15

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated

CVE-2019-20056 MEDIUM POC
6.5 Dec 29

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__s

CVE-2023-45666 CRITICAL
9.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2023-43898 MEDIUM POC
5.5 Oct 03

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. Rated medi

CVE-2023-45664 HIGH
8.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2023-45662 HIGH
8.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.1), this vulnerabilit

CVE-2023-45667 HIGH
7.5 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2023-45661 HIGH
7.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.1), this vulnerabilit

Share

CVE-2023-43281 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy