Skip to main content

Stb Image H CVE-2023-45666

CRITICAL
Double Free (CWE-415)
2023-10-21 security-advisories@github.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 21, 2023 - 00:15 nvd
CRITICAL 9.8

DescriptionNVD

stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guarantees about the content of output value *delays upon failure. Although it sets *delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to stbi__load_gif_main_outofmem only frees possibly allocated memory in *delays without resetting it to zero. Thus it would be fair to say the caller of stbi__load_gif_main is responsible to free the allocated memory in *delays only if stbi__load_gif_main returns a non null value. However at the same time the function may return null value, but fail to free the memory in *delays if internally stbi__convert_format is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free delays only when stbi__load_gif_main didn’t fail or to a double-free if the delays is always freed

AnalysisAI

stb_image is a single file MIT licensed library for processing images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-415. stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guarantees about the content of output value *delays upon failure. Although it sets *delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to stbi__load_gif_main_outofmem only frees possibly allocated memory in *delays without resetting it to zero. Thus it would be fair to say the caller of stbi__load_gif_main is responsible to free the allocated memory in *delays only if stbi__load_gif_main returns a non null value. However at the same time the function may return null value, but fail to free the memory in *delays if internally stbi__convert_format is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free delays only when stbi__load_gif_main didn’t fail or to a double-free if the delays is always freed Affected products include: Nothings Stb Image.H.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-19777 HIGH POC
8.8 Dec 13

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read i

CVE-2022-28042 HIGH POC
8.8 Apr 15

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated

CVE-2018-16981 HIGH POC
8.8 Sep 12

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__o

CVE-2021-42716 HIGH POC
7.1 Oct 21

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication

CVE-2023-43281 MEDIUM POC
6.5 Oct 25

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a cra

CVE-2022-28041 MEDIUM POC
6.5 Apr 15

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated

CVE-2019-20056 MEDIUM POC
6.5 Dec 29

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__s

CVE-2023-43898 MEDIUM POC
5.5 Oct 03

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. Rated medi

CVE-2023-45664 HIGH
8.8 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2023-45662 HIGH
8.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.1), this vulnerabilit

CVE-2023-45667 HIGH
7.5 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2023-45661 HIGH
7.1 Oct 21

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.1), this vulnerabilit

Share

CVE-2023-45666 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy