CVE-2021-28021: Out-of-bounds Write in Libstb

Severity
7.8 HIGH (NVD)
EPSS
0.2% (top 59.49%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 15
Latest update: May 24

Description

Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Exploitability: 1.8 | Impact: 5.9)

Affected Packages (2 packages)

Debian: debian/libstb < 0.0~git20220908.8b5f1f3+ds-1 (bookworm)
NVD: stb_project/stb 2.26

Also affects: Debian Linux 10.0, Fedora 34, 35

Vulnerability Details (2)

GHSA: GHSA-w9gr-856x-c2gv: Buffer overflow vulnerability in function stbi__extend_receive in stb_image (2022-05-24)
OSV: CVE-2021-28021: Buffer overflow vulnerability in function stbi__extend_receive in stb_image (2021-10-15)

Vendor Advisories (2)

Red Hat: stb: buffer overflow in stbi__extend_receive() in stb_image.h via a crafted JPEG file (2021-03-04)
Debian: CVE-2021-28021: libstb - Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in... (2021)