Description
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
An out-of-bounds read flaw was found in stb. This flaw allows an attacker who can submit a specially crafted file to an application using stb's JPEG decoder to cause a denial of service or information disclosure, depending on how the application uses the vulnerable stb functionality. The highest threat from this vulnerability is to confidentiality and system availability.
Report
This flaw does not affect the versions of cogl shipped with Red Hat Enterprise Linux 7 or 8 because the affected code is not shipped in those packages. This flaw is out of support scope for Red Hat Enterprise Linux 6.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | clutter | Out of support scope | | |
| Red Hat Enterprise Linux 7 | cogl | Not affected | | |
| Red Hat Enterprise Linux 7 | compat-cogl114 | Not affected | | |
| Red Hat Enterprise Linux 8 | cogl | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 6.1 Medium
Related vulnerabilities
Vulnerability in the stbi__extend_receive function of the stb_image.h component of the Libstb libraries for C/C++, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service