Vulnerabilities > CVE-2021-42715 - Infinite Loop vulnerability in multiple products

Summary

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Vulnerable Configurations

Common Weakness Enumeration (CWE)

• CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References