Nothings
Products by Nothings Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Nothings. Last year Nothings had 16 security vulnerabilities published. Right now, Nothings is on track to have fewer security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 16 | 7.39 |
| 2022 | 5 | 7.16 |
| 2021 | 2 | 6.30 |
| 2020 | 7 | 8.80 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 8.80 |
It may take a day or so for new Nothings vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Nothings Security Vulnerabilities
Double Free vulnerability in Nothings Stb Image.h v.2.28
CVE-2023-43281
6.5 - Medium
- October 25, 2023
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.
Double-free
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45675
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when passed to `setup_malloc`. `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated: instead of returning `NULL` as in the `malloc` case, it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
Memory Corruption
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45682
7.1 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds read in the `DECODE` macro when `var` is negative. As can be seen in the definition of `DECODE_RAW`, a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.
Out-of-bounds Read
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45681
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)`, which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow, an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.
Integer Overflow or Wraparound
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45680
5.5 - Medium
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory allocation failure in `start_decoder`. In that case the function returns early: `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later, `vorbis_deinit` tries to dereference the `NULL` pointer. This issue may lead to denial of service.
NULL Pointer Dereference
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45679
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger a memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized, and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.
Double-free
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45678
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of buffer write in `start_decoder` because `m->submaps` can be at most 16, but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
Memory Corruption
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45677
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is a negative number, `setup_malloc` may still successfully allocate memory, but the memory write is then done with the negative index `len`. Similarly, if `len` is `INT_MAX`, the integer overflow in `len+1` happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.
Memory Corruption
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files
CVE-2023-45676
7.8 - High
- October 21, 2023
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows in `sz+7`, and the resulting negative value passes the maximum available memory buffer check. This issue may lead to code execution.
Memory Corruption
stb_image is a single file MIT licensed library for processing images
CVE-2023-45667
7.5 - High
- October 21, 2023
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may leave the `z` variable uninitialized. If the caller has also set the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
NULL Pointer Dereference
stb_image is a single file MIT licensed library for processing images
CVE-2023-45666
9.8 - Critical
- October 21, 2023
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn't give guarantees about the content of the output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn't do so when the image is not recognized as a GIF, and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible for freeing the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return a null value but fail to free the memory in `*delays` if `stbi__convert_format` is called internally and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn't fail, or to a double-free if `delays` is always freed.
Double-free
stb_image is a single file MIT licensed library for processing images
CVE-2023-45664
8.8 - High
- October 21, 2023
stb_image is a single file MIT licensed library for processing images. A crafted image file can make `stbi__load_gif_main_outofmem` attempt to double-free the `out` variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior of `realloc` is implementation defined, but it is common that `realloc` frees the old memory and returns a null pointer. Since the attempt to double-free the memory is only a few lines below the first free, the issue can potentially be exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
Double-free
stb_image is a single file MIT licensed library for processing images
CVE-2023-45663
5.5 - Medium
- October 21, 2023
stb_image is a single file MIT licensed library for processing images. The `stbi__getn` function reads a specified number of bytes from the context (typically a file) into the specified buffer. If the file stream points to the end, it returns zero. There are two places where its return value is not checked: in the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable, as an attacker may also control the size of an uninitialized buffer.
Use of Uninitialized Resource
stb_image is a single file MIT licensed library for processing images
CVE-2023-45662
8.1 - High
- October 21, 2023
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger a `memcpy` out-of-bounds read because the `bytes_per_pixel` used to calculate `bytes_per_row` doesn't match the real image array dimensions.
Out-of-bounds Read
stb_image is a single file MIT licensed library for processing images
CVE-2023-45661
7.1 - High
- October 21, 2023
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger an out of bounds `memcpy` read in `stbi__gif_load_next`. This happens because `two_back` points to a memory address lower than the start of the buffer `out`. This issue may be used to leak internal memory allocation information.
Out-of-bounds Read
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format
CVE-2023-43898
5.5 - Medium
- October 03, 2023
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
NULL Pointer Dereference
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc
CVE-2022-28041
6.5 - Medium
- April 15, 2022
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Integer Overflow or Wraparound
stb_image.h v2.27 was discovered to contain a heap-based use-after-free
CVE-2022-28042
8.8 - High
- April 15, 2022
stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.
Dangling pointer
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h
CVE-2022-25514
7.5 - High
- March 17, 2022
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: A third party has disputed this, stating that the source code also carries a disclaimer that it should only be used with trusted input.
Memory Corruption
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h
CVE-2022-25515
6.5 - Medium
- March 17, 2022
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: A third party has disputed this, stating that the source code also carries a disclaimer that it should only be used with trusted input.
Memory Corruption