Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Stb_image\.h
(Nothings)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-21 | CVE-2023-45666 | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main`... | Stb_image\.h | 9.8 | ||
| 2023-10-21 | CVE-2023-45667 | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | Stb_image\.h | 7.5 | ||
| 2018-09-12 | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | Debian_linux, Stb_image\.h | 8.8 | ||
| 2019-12-29 | CVE-2019-20056 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | Stb_image\.h | N/A | ||
| 2019-12-13 | CVE-2019-19777 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | Libsixel, Stb_image\.h | N/A |