CVE-2022-28041 — Integer Overflow or Wraparound in STB Image.h

CWE-190 — Integer Overflow or Wraparound6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 22.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Linux Fedoraproject Fedora Nothings STB Image.h

Timeline

PublishedApr 15

Latest updateApr 16

Description

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDnothings/stb_image.h2.27

Also affects: Debian Linux 10.0, Fedora 34, 35, 36

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-q4r7-ggcw-952w: stb_image↗2022-04-16

▶

OSV

CVE-2022-28041: stb_image↗2022-04-15

▶

CVEList

CVE-2022-28041: stb_image↗2022-04-15

▶

📋Vendor Advisories

Red Hat

stb: integer overflow in stbi__jpeg_decode_block_prog_dc() can lead to DoS↗2022-02-17

▶

Debian

CVE-2022-28041: libstb - stb_image.h v2.27 was discovered to contain an integer overflow via the function...↗2022

▶