CVE-2023-43281

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
Configurations

Configuration 1

cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*

History

07 Nov 2023, 04:21

Type: References
Values Removed:
  • (FEDORA) FEDORA-2023-a93c06a1d9: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
  • (FEDORA) FEDORA-2023-d486d13cfd: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
  • (FEDORA) FEDORA-2023-def2f95af4: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
Values Added:
  • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
  • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
  • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/

04 Nov 2023, 06:15

Type: References
Values Added:
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/

03 Nov 2023, 23:15

Type: References
Values Added:
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/

31 Oct 2023, 20:00

Type: First Time
Values Added: Nothings stb Image.h; Nothings

Type: CPE
Values Added: cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*

Type: CWE
Values Added: CWE-415

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 6.5

Type: References
Values Removed:
  • (MISC) https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac
  • (MISC) https://github.com/peccc/double-stb
Values Added:
  • (MISC) https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac - Exploit, Third Party Advisory
  • (MISC) https://github.com/peccc/double-stb - Exploit, Third Party Advisory

25 Oct 2023, 18:17

Type: New CVE

Information

Published : 2023-10-25 18:17

Updated : 2024-02-28 20:33


NVD link : CVE-2023-43281

Mitre link : CVE-2023-43281

CVE.ORG link : CVE-2023-43281



Products Affected

nothings

  • stb_image.h
CWE
CWE-415

Double Free