CVE-2023-45663 in stb_imageinfo

Zusammenfassung

von MITRE • 25.10.2023

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

GitHub, Inc.

Reservieren

10.10.2023

Veröffentlichung

25.10.2023

Moderieren

akzeptiert

Eintrag

VDB-243096

CPE

bereit

EPSS

0.00657

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!