CVE-2023-45662

Name of the Vulnerable Software and Affected Versions stb image (affected versions not specified)

Description The issue is related to the stbi set flip vertically on load function in the stb image library. When this function is set to TRUE and req comp is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. This can trigger an out-of-bounds read in memcpy because bytes per pixel used to calculate bytes per row doesn’t match the real image array dimensions. A crafted image file can exploit this, potentially allowing a remote attacker to access confidential data or cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.