CVE-2021-37789: Out-of-bounds Write in Libstb

Severity
8.1 HIGH (NVD)
EPSS
0.2%
top 52.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 2
Latest update: Nov 9

Description

stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages: 2 packages

debian: debian/libstb < libstb 0.0~git20210910.af1a5bc+ds-1 (bookworm)
NVD: stb_project/stb 2.27

Also affects: Debian Linux 10.0

🔴 Vulnerability Details

2
OSV
CVE-2021-37789: stb_image (2022-11-02)
GHSA
GHSA-3fjh-5fm6-fqmw: stb_image (2022-11-02)

📋 Vendor Advisories

2
Red Hat
stb_image: heap-based buffer overflow (2022-11-09)
Debian
CVE-2021-37789: libstb - stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Inf... (2021)