CVE-2023-45664

CVSS V2 None CVSS V3 None
Description
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
Overview
  • CVE ID
  • CVE-2023-45664
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-10-20T23:26:40.320Z
  • Last Modified Date
  • 2023-10-20T23:26:40.320Z
History
Created Old Value New Value Data Type Notes
2024-06-25 09:46:58 Added to TrackCVE