CVE-2021-42715

 

Published at: - 21-10-2021 09:15

Last modified: - 13-05-2022 07:23

Total changes: - 4

Description

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://github.com/nothings/stb/issues/1224
• https://github.com/nothings/stb/pull/1223
• FEDORA-2021-001f25d986-Mailing List, Third Party Advisory
• FEDORA-2021-f8ba4a690e-Mailing List, Third Party Advisory
• FEDORA-2021-8ea648186c-Mailing List, Third Party Advisory
• FEDORA-2021-082bea5b34-Mailing List, Third Party Advisory
• FEDORA-2021-16d848834d-Mailing List, Third Party Advisory
• FEDORA-2021-0511a38484-Mailing List, Third Party Advisory
• FEDORA-2021-3fc69d203c-Mailing List, Third Party Advisory
• FEDORA-2021-d1446cd1ac-Mailing List, Third Party Advisory
• FEDORA-2022-832689aa6b-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2021-42715

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures