Nothings Stb Image H
By the Year
In 2022 there have been 2 vulnerabilities in Nothings Stb Image H with an average score of 7.7 out of ten. Last year Stb Image H had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Stb Image H in 2022 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 1.35.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 2 | 7.65 |
2021 | 2 | 6.30 |
2020 | 0 | 0.00 |
2019 | 2 | 7.65 |
2018 | 1 | 8.80 |
It may take a day or so for new Stb Image H vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Nothings Stb Image H Security Vulnerabilities
stb_image.h v2.27 was discovered to contain a heap-based use-after-free
CVE-2022-28042
8.8 - High
- April 15, 2022
stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.
Dangling pointer
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc
CVE-2022-28041
6.5 - Medium
- April 15, 2022
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Integer Overflow or Wraparound
An issue was discovered in stb stb_image.h 2.27
CVE-2021-42716
7.1 - High
- October 21, 2021
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
Classic Buffer Overflow
An issue was discovered in stb stb_image.h 1.33 through 2.27
CVE-2021-42715
5.5 - Medium
- October 21, 2021
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
Infinite Loop
stb_image.h (aka the stb image loader) 2.23
CVE-2019-20056
6.5 - Medium
- December 29, 2019
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
assertion failure
stb_image.h (aka the stb image loader) 2.23
CVE-2019-19777
8.8 - High
- December 13, 2019
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
Out-of-bounds Read
stb stb_image.h 2.19
CVE-2018-16981
8.8 - High
- September 12, 2018
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
Memory Corruption
