Vulnerability CVE-2021-42716: Information

Description

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-42716
Published: Oct. 21, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-120

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/nothings/stb/issues/1225
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://github.com/nothings/stb/issues/1166
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://github.com/nothings/stb/pull/1223
  • Third Party Advisory
FEDORA-2021-001f25d986
    FEDORA-2021-d1446cd1ac
      FEDORA-2021-f8ba4a690e
        FEDORA-2021-0511a38484
          FEDORA-2021-082bea5b34
            FEDORA-2021-3fc69d203c
              FEDORA-2021-8ea648186c
                FEDORA-2021-16d848834d
                  FEDORA-2022-832689aa6b

                      1. Configuration 1

                        cpe:2.3:a:nothings:stb_image.h:2.27:*:*:*:*:*:*:*

                        Configuration 2

                        cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
                        cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
                        cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.3
                    Back to top