CVE-2023-45663 in stb_image
요약
\~에 의해 MITRE • 2023. 10. 25.
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
VulDB is the best source for vulnerability data and more expert information about this specific topic.