CVE-2023-45667 — NULL Pointer Dereference in STB Image.h

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.1%

top 65.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nothings STB Nothings STB Image.h

Timeline

PublishedOct 21

Description

stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5nothings/stb2.28

▶NVDnothings/stb_image.h2.28

🔴Vulnerability Details

OSV

CVE-2023-45667: stb_image is a single file MIT licensed library for processing images↗2023-10-21

▶

CVEList

Null pointer dereference because of an uninitialized variable in stb_image↗2023-10-20

▶

📋Vendor Advisories

Debian

CVE-2023-45667: libstb - stb_image is a single file MIT licensed library for processing images. If `stbi...↗2023

▶