PT-2021-7754 · Stb+3
Kaka201 · Published 2021-03-04 · Updated 2023-02-24
CVE-2021-28021
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
stb version 2.26
Description
The issue is related to a buffer overflow vulnerability in the stbi__extend_receive function of the stb_image.h component in the stb library for C/C++. This vulnerability can be exploited by a remote attacker using a specially crafted JPEG file, allowing them to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For stb version 2.26, consider disabling the stbi__extend_receive function until a patch is available to prevent exploitation. Restrict access to the stb_image.h component to minimize the risk of exploitation. Avoid using the stb_image.h component with untrusted JPEG files until the issue is resolved.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Suse
Stb