CVE-2023-45664 — Double Free in STB Image.h

CWE-415 — Double Free4 documents4 sources

Severity

8.8HIGHNVD

CNA7.3

EPSS

0.2%

top 58.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nothings STB Nothings STB Image.h

Timeline

PublishedOct 21

Description

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnothings/stb_image.h2.28

▶CVEListV5nothings/stb2.28

🔴Vulnerability Details

OSV

CVE-2023-45664: stb_image is a single file MIT licensed library for processing images↗2023-10-21

▶

CVEList

Double-free in stbi__load_gif_main_outofmem in stb_image↗2023-10-20

▶

📋Vendor Advisories

Debian

CVE-2023-45664: libstb - stb_image is a single file MIT licensed library for processing images. A crafted...↗2023

▶