Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
References
Link | Resource |
---|---|
https://github.com/nothings/stb/issues/1452 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/nothings/stb/pull/1454 | Issue Tracking Patch |
https://github.com/peccc/null-stb | Exploit |
Configurations
History
24 Jan 2024, 20:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:* | |
First Time |
Nothings stb Image.h
|
09 Nov 2023, 20:54
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/nothings/stb/pull/1454 - Issue Tracking, Patch | |
References | (MISC) https://github.com/nothings/stb/issues/1452 - Exploit, Issue Tracking, Patch, Third Party Advisory |
27 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2023, 18:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | (MISC) https://github.com/peccc/null-stb - Exploit | |
First Time |
Nothings
Nothings stb |
|
CPE | cpe:2.3:a:nothings:stb:2.28:*:*:*:*:*:*:* |
03 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-03 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-43898
Mitre link : CVE-2023-43898
CVE.ORG link : CVE-2023-43898
JSON object : View
Products Affected
nothings
- stb_image.h
CWE
CWE-476
NULL Pointer Dereference