VYPR
Unrated severity · NVD Advisory · Published Oct 20, 2023 · Updated Feb 13, 2025

Null pointer dereference because of an uninitialized variable in stb_image

CVE-2023-45667

Description

stb_image is a single-file, MIT-licensed library for processing images.

If stbi__load_gif_main in stbi_load_gif_from_memory fails, it returns a null pointer and may leave the z variable uninitialized. If the caller also sets the flip-vertically flag, execution continues and calls stbi__vertical_flip_slices with the null pointer result and the uninitialized z value. This may result in a program crash.
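The failure path described above, and a caller-side guard against it, as an added example that is not stb_image source or the project's patch. The decoder, its toy input format, and the names model_decode, model_flip_slices, load_checked and flip_calls are hypothetical stand-ins for the functions named in the description.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

static int flip_calls = 0;  /* counts flip invocations so the guard can be checked */

/* Model decoder (hypothetical format): 'G', w, h, frames, then w*h*frames bytes.
   Like the failure path in the description, it returns NULL without writing *z. */
static unsigned char *model_decode(const unsigned char *buf, size_t len,
                                   int *w, int *h, int *z) {
    if (len < 4 || buf[0] != 'G') return NULL;
    size_t n = (size_t)buf[1] * buf[2] * buf[3];
    if (n == 0 || len - 4 < n) return NULL;
    unsigned char *out = malloc(n);
    if (!out) return NULL;
    memcpy(out, buf + 4, n);
    *w = buf[1]; *h = buf[2]; *z = buf[3];
    return out;
}

/* Flips each of the z slices top to bottom; dereferences img and loops z times,
   so a NULL img or a garbage z is fatal here. */
static void model_flip_slices(unsigned char *img, int w, int h, int z) {
    flip_calls++;
    for (int s = 0; s < z; s++) {
        unsigned char *slice = img + (size_t)s * w * h;
        for (int r = 0; r < h / 2; r++)
            for (int c = 0; c < w; c++) {
                unsigned char t = slice[r * w + c];
                slice[r * w + c] = slice[(h - 1 - r) * w + c];
                slice[(h - 1 - r) * w + c] = t;
            }
    }
}

/* Hardened caller: outputs start at 0 and the flip is skipped on failure.
   The flawed order from the description is: decode, then flip whenever the
   flag is set, without checking the result or initializing z. */
unsigned char *load_checked(const unsigned char *buf, size_t len,
                            int *w, int *h, int *z, int flip) {
    *w = *h = *z = 0;
    unsigned char *img = model_decode(buf, len, w, h, z);
    if (img == NULL) return NULL;   /* never reach the flip with a NULL image */
    if (flip) model_flip_slices(img, *w, *h, *z);
    return img;
}
```

Applications that cannot update the library immediately can apply the same idea at their own call site: initialize the output parameters and treat a null return as final before using any of them.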
