CVE-2023-45664

Name of the Vulnerable Software and Affected Versions stb image (affected versions not specified)

Description The issue is related to a double-free memory error in the stbi load gif main component of the stb image library. This can be triggered by a crafted image file, potentially allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem occurs because when the layers * stride value is zero, the behavior is implementation-defined, but commonly, realloc frees the old memory and returns a null pointer. As a result, the code attempts to double-free the memory, which can be potentially exploited in a multi-threaded environment, leading to code execution in the worst case.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.