Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-42716

Опубликовано: 21 окт. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.8
CVSS3: 7.1

Описание

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

РелизСтатусПримечание
devel

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

focal

ignored

end of standard support, was needs-triage
hirsute

ignored

end of life
impish

ignored

end of life
jammy

needs-triage

kinetic

ignored

end of life, was needs-triage
lunar

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 48%
0.00251
Низкий

5.8 Medium

CVSS2

7.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-42716

CVSS3: 8
redhat
больше 4 лет назад

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

nvd логотип

CVE-2021-42716

CVSS3: 7.1
nvd
больше 4 лет назад

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

debian логотип

CVE-2021-42716

CVSS3: 7.1
debian
больше 4 лет назад

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...

suse-cvrf логотип

openSUSE-SU-2022:0018-1

suse-cvrf
около 4 лет назад

Security update for stb

github логотип

GHSA-44mr-92xw-jfrv

CVSS3: 9.1
github
больше 3 лет назад

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

EPSS

Процентиль: 48%
0.00251
Низкий

5.8 Medium

CVSS2

7.1 High

CVSS3