Stb
by Nothings
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45664 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is… |
| CVE-2023-45663 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its… |
| CVE-2023-45662 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A… |
| CVE-2023-45661 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to… |
| CVE-2023-43898 | | | 0.00 | — | 0.00 | | Oct 3, 2023 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. |
| CVE-2021-37789 | | | 0.00 | — | 0.01 | | Nov 2, 2022 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. |
| CVE-2022-28048 | | | 0.00 | — | 0.02 | | Apr 15, 2022 | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. |
| CVE-2022-28041 | | | 0.00 | — | 0.02 | | Apr 15, 2022 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2022-28042 | | | 0.00 | — | 0.02 | | Apr 15, 2022 | stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. |
| CVE-2022-25516 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. |
| CVE-2022-25515 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. |
| CVE-2020-6617 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. |
| CVE-2020-6618 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. |
| CVE-2020-6619 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. |
| CVE-2020-6621 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. |
| CVE-2020-6623 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. |
| CVE-2018-1000050 | | High | 0.00 | 8.8 | 0.02 | | Feb 9, 2018 | Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. This attack appear to be exploitable via Victim must open a… |