Skip to main content

Stb Image H CVE-2023-43898

MEDIUM
NULL Pointer Dereference (CWE-476)
2023-10-03 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 03, 2023 - 21:15 nvd
MEDIUM 5.5

DescriptionNVD

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

AnalysisAI

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. Affected products include: Nothings Stb Image.H.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2019-19777 HIGH POC
8.8 Dec 13

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read i

CVE-2022-28042 HIGH POC
8.8 Apr 15

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated

CVE-2018-16981 HIGH POC
8.8 Sep 12

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__o

CVE-2021-42716 HIGH POC
7.1 Oct 21

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication

CVE-2023-43281 MEDIUM POC
6.5 Oct 25

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a cra

CVE-2022-28041 MEDIUM POC
6.5 Apr 15

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated

CVE-2019-20056 MEDIUM POC
6.5 Dec 29

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__s

CVE-2023-45666 CRITICAL
9.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2023-45664 HIGH
8.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2023-45662 HIGH
8.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.1), this vulnerabilit

CVE-2023-45667 HIGH
7.5 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2023-45661 HIGH
7.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.1), this vulnerabilit

Share

CVE-2023-43898 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy