CVE-2023-43898

CVE-2023-43898

Name

CVE-2023-43898

Description

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/peccc/null-stb
Exploit	https://github.com/nothings/stb/issues/1452
Issue Tracking	https://github.com/nothings/stb/pull/1454

Type

URI

MISC

https://github.com/peccc/null-stb

Exploit

https://github.com/nothings/stb/issues/1452

Issue Tracking

https://github.com/nothings/stb/pull/1454

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:nothings:stb:2.28:::::::*`	stb	== None	== 2.28
`cpe:2.3:a:nothings:stb_image.h:2.28:::::::*`	stb_image.h	== None	== 2.28

CPE URI

Source package

Min version

Max version

cpe:2.3:a:nothings:stb:2.28:*:*:*:*:*:*:*

stb

== None

== 2.28

cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*

stb_image.h

== None

== 2.28

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
stb	edge-community	0_git20231012-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed
stb	3.23-community	0_git20231012-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed
stb	3.22-community	0_git20231012-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed
stb	3.21-community	0_git20231012-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed
stb	3.20-community	0_git20231012-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed
stb	3.19-community	0_git20231012-r0	Simon Zeni <simon@bl4ckb0ne.ca>	fixed

Source package

Branch

Version

Maintainer

Status

stb

edge-community

0_git20231012-r0

Simon Zeni <simon@bl4ckb0ne.ca>

fixed

stb

3.23-community