Integer Shift Vulnerability in STB Image Library by Nothings
CVE-2022-28048

8.8 HIGH

Key Information:

CVE Published: 15 April 2022

What is CVE-2022-28048?

The STB Image Library, specifically version 2.27, contains a vulnerability caused by an integer shift of an invalid size within the JPEG decoding process. This flaw could potentially lead to incorrect processing of JPEG images by the library, affecting applications that rely on its functionality. Developers using this library should review their implementations and consider updating to mitigate the risks associated with this flaw. Related discussions and patches can be found in various GitHub issues and Fedora advisories.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
