Nothings Stb Image H


By the Year

In 2022 there have been 2 vulnerabilities in Nothings Stb Image H with an average score of 7.7 out of ten. Last year Stb Image H had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Stb Image H in 2022 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 1.35.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 2 | 7.65 |
| 2021 | 2 | 6.30 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 8.80 |

It may take a day or so for new Stb Image H vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Nothings Stb Image H Security Vulnerabilities

stb_image.h v2.27 was discovered to contain a heap-based use-after-free

CVE-2022-28042 8.8 - High - April 15, 2022

stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.

Dangling pointer

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc

CVE-2022-28041 6.5 - Medium - April 15, 2022

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Integer Overflow or Wraparound

An issue was discovered in stb stb_image.h 2.27

CVE-2021-42716 7.1 - High - October 21, 2021

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

Classic Buffer Overflow

An issue was discovered in stb stb_image.h 1.33 through 2.27

CVE-2021-42715 5.5 - Medium - October 21, 2021

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Infinite Loop

stb_image.h (aka the stb image loader) 2.23

CVE-2019-20056 6.5 - Medium - December 29, 2019

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.

assertion failure

stb_image.h (aka the stb image loader) 2.23

CVE-2019-19777 8.8 - High - December 13, 2019

stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.

Out-of-bounds Read

stb stb_image.h 2.19

CVE-2018-16981 8.8 - High - September 12, 2018

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

Memory Corruption
