CVE-2023-45664

Name
CVE-2023-45664
Description
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
MISC https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:* stb_image.h == None == 2.28

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
stb edge-community 0_git20231012-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
stb 3.19-community 0_git20231012-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed
stb 3.20-community 0_git20231012-r0 Simon Zeni <simon@bl4ckb0ne.ca> fixed