CVE-2022-28042: Use After Free in STB Image.h

CWE-416: Use After Free | 6 documents | 6 sources
Severity
8.8 HIGH (NVD)
EPSS
0.4% (top 37.32%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 15
Latest update: Apr 16

Description

stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

Also affects: Debian Linux 10.0, Fedora 34, 35, 36

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-mg9v-9rhj-95qm: stb_image (2022-04-16)
OSV
CVE-2022-28042: stb_image (2022-04-15)
CVEList
CVE-2022-28042: stb_image (2022-04-15)

📋 Vendor Advisories (2)

Red Hat
stb: use-after-free in stbi__jpeg_huff_decode() (2022-02-17)
Debian
CVE-2022-28042: libstb - stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the... (2022)
CVE-2022-28042 — Use After Free in Nothings STB Image.h | cvebase