stb) Latest (<= commit f056911) stbhw_build_tileset_from_image Out-of-Bounds Readinfo

Title	Open Source STB Project (https://github.com/nothings/stb) Latest (<= commit f056911) stbhw_build_tileset_from_image Out-of-Bounds Read
Description	Out-of-Bounds read via user-controlled index. The variable `w` is supplied by the user and directly influences the arithmetic used to determine which element of `data` is read into the local `header` array. If `w` is set to an unexpected or small value, the computed index (`w3 - 1 - i`) can fall outside the bounds of the provided `data` buffer, resulting in an out-of-bounds read. STBHW_EXTERN int stbhw_build_tileset_from_image(stbhw_tileset ts, unsigned char data, int stride, int w, int h) { // ... unsigned char header[9]; // ... for (i = 0; i < 9; ++i) { // w is controlled by the user, affecting the read index: header[i] = data[w3 - 1 - i] ^ (i * 55); } // ... }
User	ninpwn (UID 82253)
Submission	03/27/2025 03:49 PM (3 months ago)
Moderation	04/07/2025 12:56 PM (11 days later)
Status	Accepted
VulDB Entry	303684 [Nothings stb up to f056911 Header Array stbhw_build_tileset_from_image w out-of-bounds]
Points	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!