Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Stb_image\.h
(Nothings)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-21 | CVE-2023-45667 | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | Stb_image\.h | 7.5 | ||
| 2023-10-25 | CVE-2023-43281 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | Stb_image\.h | 6.5 | ||
| 2018-09-12 | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | Debian_linux, Stb_image\.h | 8.8 | ||
| 2019-12-29 | CVE-2019-20056 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | Stb_image\.h | N/A | ||
| 2019-12-13 | CVE-2019-19777 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | Libsixel, Stb_image\.h | N/A |