Vulnerabilities > CVE-2023-43281 - Double Free vulnerability in Nothings STB Image.H 2.28

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nothings

CWE-415

NVD

Published: 2023-10-25

Updated: 2023-11-07

Summary

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

Vulnerable Configurations

Part	Description	Count
Application	Nothings Nothings STB Image.H 2.28	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac
https://github.com/peccc/double-stb
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/