PT-2022-7205 · Unknown+3 · Stb Image.H+3

Nbickford-Nv · Published 2022-02-17 · Updated 2023-02-23 · CVE-2022-28042

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Libstb versions prior to the version with the fixed stb_image.h component
stb_image.h version 2.27

Description

The issue is a heap-based use-after-free in the stb_image.h component of the Libstb library for C/C++. A remote attacker can exploit it to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is in the stbi__jpeg_huff_decode function.

Recommendations

For stb_image.h version 2.27, consider disabling the stbi__jpeg_huff_decode function until a patch is available. For Libstb, update to a version that includes the fixed stb_image.h component to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Use After Free

Related Identifiers

BDU:2023-09088
CVE-2022-28042
DLA-3305-1

Affected Products

Astra Linux
Debian
Libstb
Stb Image.H