Vulnerability CVE-2021-42715: Information

Description

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-42715
Published: Oct. 21, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-835

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/nothings/stb/issues/1224
  • Issue Tracking
  • Third Party Advisory
https://github.com/nothings/stb/pull/1223
  • Third Party Advisory
[debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update
  • Mailing List
  • Third Party Advisory
FEDORA-2021-001f25d986
    FEDORA-2021-d1446cd1ac
      FEDORA-2021-f8ba4a690e
        FEDORA-2021-0511a38484
          FEDORA-2021-082bea5b34
            FEDORA-2021-3fc69d203c
              FEDORA-2021-8ea648186c
                FEDORA-2021-16d848834d
                  FEDORA-2022-832689aa6b

                      1. Configuration 1

                        cpe:2.3:a:nothings:stb_image.h:*:*:*:*:*:*:*:*
                        Start including
                        1.33
                        End including
                        2.27

                        Configuration 2

                        cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
                        cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
                        cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

                        Configuration 3

                        cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.3
                    Back to top