Description
stb_image.h 2.27 has a heap-based buffer over-read in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.
A flaw was found in stb_image. The issue occurs while processing the frame header, where the plane sampling configuration is calculated in two different ways that give different results because of integer approximation. The resulting value is then used to access several buffers, leading to a heap-based out-of-bounds read. This causes a heap data leak or an application crash, resulting in a denial of service.
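A simplified model of this class of bug, as an added example rather than stb_image's own code: the two width formulas, the function names and the sample factors are assumptions chosen for illustration, and only the horizontal direction is shown. It shows where the two integer calculations diverge and a header check that rejects the factors for which they can.

```c
#include <stdio.h>

/* Way 1: samples per row stored for a plane, ceil(img_w * h / h_max). */
static int width_from_ratio(int img_w, int h, int h_max) {
    return (img_w * h + h_max - 1) / h_max;
}

/* Way 2: samples per row a reader expects when it treats the plane as
 * subsampled by the integer step h_max / h, ceil(img_w / step). */
static int width_from_step(int img_w, int h, int h_max) {
    int step = h_max / h;          /* truncates when h does not divide h_max */
    return (img_w + step - 1) / step;
}

/* Samples the reader would touch beyond what was stored (0 = consistent).
 * Callers are expected to have validated h >= 1 first. */
static int overread_samples(int img_w, int h, int h_max) {
    int stored = width_from_ratio(img_w, h, h_max);
    int wanted = width_from_step(img_w, h, h_max);
    return wanted > stored ? wanted - stored : 0;
}

/* Header validation: accept only factors for which both formulas agree. */
static int sampling_factors_ok(const int *h, int n) {
    int h_max = 0;
    for (int i = 0; i < n; i++) {
        if (h[i] < 1 || h[i] > 4) return 0;   /* JPEG allows factors 1..4 */
        if (h[i] > h_max) h_max = h[i];
    }
    for (int i = 0; i < n; i++)
        if (h_max % h[i] != 0) return 0;      /* fractional ratio: reject */
    return 1;
}

int main(void) {
    int good[3] = {2, 1, 1};   /* constructed: common 2:1 chroma subsampling */
    int bad[3]  = {3, 2, 1};   /* constructed: 3/2 is not an integer ratio */
    printf("good ok=%d overread=%d\n",
           sampling_factors_ok(good, 3), overread_samples(100, 1, 2));
    printf("bad  ok=%d overread=%d\n",
           sampling_factors_ok(bad, 3), overread_samples(100, 2, 3));
    return 0;
}
```

The over-read count here is a property of the constructed model, not a measurement of the real flaw.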
Report
Although the NVD CVSSv3.1 score is 8.1, Red Hat considers the impact to be Moderate because this flaw cannot be used to perform arbitrary code execution, needs local access to be exploited, and the amount of leaked information is constrained to a few bytes within the process heap.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | clutter | Out of support scope | | |
| Red Hat Enterprise Linux 7 | cogl | Out of support scope | | |
| Red Hat Enterprise Linux 7 | compat-cogl114 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | cogl | Will not fix | | |
| Red Hat Enterprise Linux 9 | cogl | Will not fix | | |
Additional information
Status:
CVSS3: 8.1 High
Related vulnerabilities
Vulnerability in the stb_image.h component of the Libstb C/C++ libraries that allows an attacker to gain access to confidential data and to cause a denial of service