VYPR

Stb Image.h

by Nothings

Source repositories

CVEs (16)

  • CVE-2019-19777HigDec 13, 2019
    risk 0.57cvss 8.8epss 0.01

    stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.

  • CVE-2025-3409MedApr 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product…

  • CVE-2025-3408MedApr 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by…

  • CVE-2025-3407MedApr 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched…

  • CVE-2022-27938MedMar 26, 2022
    risk 0.36cvss 5.5epss 0.01

    stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.

  • CVE-2026-5185MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local…

  • CVE-2023-43281Oct 24, 2023
    risk 0.00cvss epss 0.01

    Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

  • CVE-2023-45667Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and…

  • CVE-2023-45666Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the…

  • CVE-2023-45664Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is…

  • CVE-2023-45663Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its…

  • CVE-2023-45662Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A…

  • CVE-2023-45661Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to…

  • CVE-2021-42716Oct 21, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service…

  • CVE-2021-42715Oct 21, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted…

  • CVE-2019-20056Dec 29, 2019
    risk 0.00cvss epss 0.01

    stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.