Nbickford-Nv

**Name of the Vulnerable Software and Affected Versions** Nothings stb version 2.28 **Description** The issue is related to a Null Pointer Dereference via the `stbi convert format` function, allowing attackers to cause a Denial of Service (DoS) by using a crafted pic file. **Recommendations** For Nothings stb version 2.28, consider disabling the `stbi convert format` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image.h version 2.27 **Description** The issue is related to an integer overflow in the `stbi jpeg decode block prog dc` function, which can be exploited by attackers to cause a Denial of Service (DoS) via unspecified vectors. This can allow a remote attacker to disrupt the service. **Recommendations** For stb image.h version 2.27, consider disabling the `stbi jpeg decode block prog dc` function as a temporary workaround until a patch is available. Restrict access to the `stb image.h` library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libstb versions prior to the version with the fixed stb image.h component stb image.h version 2.27 **Description** The issue is related to a heap-based use-after-free in the stb image.h component of the Libstb library for C/C++. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is specifically found in the `stbi jpeg huff decode` function. **Recommendations** For stb image.h version 2.27, consider disabling the `stbi jpeg huff decode` function until a patch is available. For Libstb, update to a version that includes the fixed stb image.h component to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** STB version 2.27 **Description** The issue is related to an integer shift of invalid size in the `stbi jpeg decode block prog ac` component. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service due to incorrect calculation. **Recommendations** For STB version 2.27, consider updating to a newer version that addresses the integer shift issue in the `stbi jpeg decode block prog ac` component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image.h versions 1.33 through 2.27 **Description** The issue is related to the HDR loader in stb image.h, which parses truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. This could allow a remote attacker to cause a denial of service in applications using stb image by submitting crafted HDR files. **Recommendations** For versions 1.33 through 2.27, consider disabling the HDR loader functionality until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image.h version 2.27 **Description** An issue was discovered in the PNM loader of stb image.h, where 16-bit PGM files are incorrectly interpreted as 8-bit when converting to RGBA. This leads to a buffer overflow when the result is later reinterpreted as a 16-bit buffer. An attacker could potentially crash a service using stb image or read up to 1024 bytes of non-consecutive heap data without control over the read location. The vulnerability is related to the copying of a buffer without checking the input data, which could allow a remote attacker to access confidential data and cause a denial of service. **Recommendations** For stb image.h version 2.27, consider disabling the PNM loader functionality until a patch is available to prevent potential crashes or unauthorized data access. Restrict the use of the `stb image.h` library to minimize the risk of exploitation. Avoid using the PNM loader to convert 16-bit PGM files to RGBA format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.