Bug 2246110 (CVE-2023-45667) - CVE-2023-45667 stb: memory access violation
Summary: CVE-2023-45667 stb: memory access violation
Status: NEW
Alias: CVE-2023-45667
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2246112 2246113 2246114
TreeView+ depends on / blocked
Reported: 2023-10-25 13:10 UTC by ybuenos
Modified: 2023-10-26 01:01 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description ybuenos 2023-10-25 13:10:48 UTC
stb_image is a single file MIT licensed library for processing images.

If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.


Comment 1 ybuenos 2023-10-25 13:11:32 UTC
Created assimp tracking bugs for this issue:

Affects: epel-8 [bug 2246114]

Created stb tracking bugs for this issue:

Affects: epel-all [bug 2246113]
Affects: fedora-all [bug 2246112]

Comment 2 Fedora Update System 2023-10-26 01:01:25 UTC
FEDORA-2023-58af3a2eca has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.