Buffer Overflow in stbi__extend_receive of stb Image Library Affecting Multiple Platforms
CVE-2021-28021

7.8HIGH

Key Information:

Vendor

Stb Project

Status
Stb
Vendor
CVE Published:
15 October 2021

What is CVE-2021-28021?

A buffer overflow vulnerability is present in the stbi__extend_receive function within stb_image.h of the stb library version 2.26. This threat can be exploited through specially crafted JPEG files, potentially allowing an attacker to execute arbitrary code or crash applications that use this library for image processing. The vulnerability highlights the importance of proper input validation and memory management in handling image files.

References

https://github.com/nothings/stb/issues/1108
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.