Vulnerability CVE-2021-42716: Information
Description
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/nothings/stb/issues/1225 |
|
https://github.com/nothings/stb/issues/1166 |
|
https://github.com/nothings/stb/pull/1223 |
|
FEDORA-2021-001f25d986 | |
FEDORA-2021-d1446cd1ac | |
FEDORA-2021-f8ba4a690e | |
FEDORA-2021-0511a38484 | |
FEDORA-2021-082bea5b34 | |
FEDORA-2021-3fc69d203c | |
FEDORA-2021-8ea648186c | |
FEDORA-2021-16d848834d | |
FEDORA-2022-832689aa6b |