PT-2019-6338 · Libsixel+2 · Stb Image.H+2

Sleicaspero

·

Published

2019-12-29

·

Updated

2020-01-08

·

CVE-2019-20056

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions stb image.h versions 2.23
Description The issue is related to an insufficient use of the assert() function in the stb image.h component of the Libsixel library for C/C++. This allows a remote attacker to cause a denial of service.
Recommendations For version 2.23, consider disabling the stbi shiftsigned function as a temporary workaround until a patch is available.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2023-02639
CVE-2019-20056

Affected Products

Astra Linux
Debian
Stb Image.H