CVE-2026-5313

Published: 01 Apr 2026
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A flaw was found in Nothings stb. A remote attacker can exploit a vulnerability in the stbi__gif_load_next function within the GIF Decoder component of the stb_image.h library. This manipulation can lead to a denial of service (DoS), making the affected system or application unavailable. The exploit for this vulnerability has been publicly disclosed.

Report

Moderate. This flaw in the stbi__gif_load_next function of the stb_image.h library, used for GIF decoding, can lead to a denial of service when processing a specially crafted GIF image. Red Hat products that utilize the stb component from Community Projects (EPEL) and process untrusted GIF content may be affected. Exploitation requires user interaction, such as opening a malicious GIF file.

Mitigation

To mitigate this issue, users should avoid processing untrusted GIF images with applications that utilize the stb_image.h library. If the stb component is not required, consider removing applications that depend on it. For applications that must process GIF content, restrict their exposure to only trusted sources to minimize the risk of a denial of service.

Additional information

Status: Moderate
Defect: CWE-1286
https://bugzilla.redhat.com/show_bug.cgi?id=2454134 Nothings stb: Denial of Service in GIF Decoder via stbi__gif_load_next function

EPSS

Percentile: 9%
0.00031
Low

CVSS3

6.5 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
5 days ago

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.3
nvd
6 days ago

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.3
debian
6 days ago

A vulnerability has been found in Nothings stb up to 2.30. This issue ...

CVSS3: 4.3
github
6 days ago

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
