CVE-2021-42716

Name of the Vulnerable Software and Affected Versions stb image.h version 2.27

Description An issue was discovered in the PNM loader of stb image.h, where 16-bit PGM files are incorrectly interpreted as 8-bit when converting to RGBA. This leads to a buffer overflow when the result is later reinterpreted as a 16-bit buffer. An attacker could potentially crash a service using stb image or read up to 1024 bytes of non-consecutive heap data without control over the read location. The vulnerability is related to the copying of a buffer without checking the input data, which could allow a remote attacker to access confidential data and cause a denial of service.

Recommendations For stb image.h version 2.27, consider disabling the PNM loader functionality until a patch is available to prevent potential crashes or unauthorized data access. Restrict the use of the stb image.h library to minimize the risk of exploitation. Avoid using the PNM loader to convert 16-bit PGM files to RGBA format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.