Bug 2141433 (CVE-2021-37789) - CVE-2021-37789 stb_image: heap-based buffer overflow
Summary: CVE-2021-37789 stb_image: heap-based buffer overflow
Keywords:
Status: NEW
Alias: CVE-2021-37789
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2141794 2141820 2141821 2141822
Blocks: 2139604
 
Reported: 2022-11-09 20:28 UTC by Marco Benatto
Modified: 2023-07-07 08:34 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Marco Benatto 2022-11-09 20:28:08 UTC
stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.

Comment 1 Marco Benatto 2022-11-10 18:18:43 UTC
Created stbi tracking bugs for this issue:

Affects: fedora-all [bug 2141794]

Comment 2 Marco Benatto 2022-11-10 19:32:29 UTC
Public commit for this issue:
https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40

