Denial of Service Vulnerability in stb_image Library by NotThings
CVE-2021-42715

5.5MEDIUM

Key Information:

Vendor: Nothings
Status: Stb Image.h
Vendor: CVE Published:; 21 October 2021

What is CVE-2021-42715?

The stb_image library versions 1.33 to 2.27 are susceptible to a denial of service vulnerability due to improper handling of truncated RLE scanlines in HDR files. An attacker may exploit this flaw by submitting carefully crafted HDR files, leading to potential application crashes or indefinite resource consumption. This vulnerability affects any application utilizing the stb_image library for image loading, highlighting the importance of secure file handling and validation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/nothings/stb/issues/1224

https://github.com/nothings/stb/pull/1223

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2021
Vulnerability Reserved
Oct 19, 2021

JSON

Nothings

What is CVE-2021-42715?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.