Описание
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libstb | fixed | 0.0~git20210910.af1a5bc+ds-1 | package | |
| libstb | no-dsa | bullseye | package | |
| libstb | no-dsa | buster | package |
Примечания
https://github.com/nothings/stb/issues/790
Potentially also affects libsixel, mame, libsfml, love, zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, retroarch, renderdoc, goxel
https://github.com/nothings/stb/commit/bfaccab17a648b315543d366c63aee575a0756b7
Fix might cause a regression:
https://github.com/nothings/stb/pull/960#pullrequestreview-615017993
EPSS
Связанные уязвимости
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
Уязвимость компонента stb_image.h библиотек для C/C++ Libstb, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
EPSS