CVE-2023-45666

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions stb image (affected versions not specified)

Description The issue is related to the stbi load gif main function in the stb image library, which may lead to a memory leak or double-free if the caller chooses to free the delays memory only when the function returns a non-null value. The function may return a null value but fail to free the memory in delays if internally stbi convert format is called and fails. This could allow a remote attacker to access confidential data, compromise its integrity, or cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2023-7362

ALT-PU-2024-11393

BDU:2024-06918

CVE-2023-45666

OESA-2024-1262

OESA-2024-1263

Affected Products

Alt Linux

Astra Linux

Debian

Stb Image

CVE-2023-45666

Weakness Enumeration

Related Identifiers

Affected Products

References · 26