CVE-2023-43898

Name
CVE-2023-43898
Description
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/peccc/null-stb
Exploit https://github.com/nothings/stb/issues/1452
Issue Tracking https://github.com/nothings/stb/pull/1454

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nothings:stb:2.28:*:*:*:*:*:*:* stb == None == 2.28
cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:* stb_image.h == None == 2.28

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
stb edge-community 0_git20231012-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
stb 3.19-community 0_git20231012-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
stb 3.20-community 0_git20231012-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed