CVE-2021-42716

 

Published at: - 21-10-2021 09:15

Last modified: - 13-05-2022 07:25

Total changes: - 4

Description

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

 

Verification logic

 

Reference

• https://github.com/nothings/stb/issues/1225
• https://github.com/nothings/stb/issues/1166
• https://github.com/nothings/stb/pull/1223
• FEDORA-2021-001f25d986-Mailing List, Third Party Advisory
• FEDORA-2021-f8ba4a690e-Mailing List, Third Party Advisory
• FEDORA-2021-8ea648186c-Mailing List, Third Party Advisory
• FEDORA-2021-082bea5b34-Mailing List, Third Party Advisory
• FEDORA-2021-16d848834d-Mailing List, Third Party Advisory
• FEDORA-2021-0511a38484-Mailing List, Third Party Advisory
• FEDORA-2021-3fc69d203c-Mailing List, Third Party Advisory
• FEDORA-2021-d1446cd1ac-Mailing List, Third Party Advisory
• FEDORA-2022-832689aa6b-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2021-42716

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures