Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-45667

stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

Published

2023-10-21T00:15:09.143

Last Modified

2024-11-21T08:27:10.547

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-476
Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nothings	stb_image.h	2.28	Yes

References

https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454 Third Party Advisory ([email protected])
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448 Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/ ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/ ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/ ([email protected])
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ Third Party Advisory ([email protected])
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/ (af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)