Bug 2246110 (CVE-2023-45667) - CVE-2023-45667 stb: memory access violation
Summary: CVE-2023-45667 stb: memory access violation
Keywords:
Status: NEW
Alias: CVE-2023-45667
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2246112 2246113 2246114
Blocks:
Reported: 2023-10-25 13:10 UTC by ybuenos
Modified: 2023-10-26 01:01 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description ybuenos 2023-10-25 13:10:48 UTC
stb_image is a single file MIT licensed library for processing images.

If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454
https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
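
The failure path described above, modelled as an added example (not stb's code and not part of the original report). `load_frames`, `flip_slices`, `load_flipped` and the toy input format are hypothetical stand-ins; the guarded caller gives the out-parameters defined values and returns before the flip when the load fails.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed toy format: 3 header bytes (w, h, frames), then 1 byte per pixel.
   Hypothetical decoder stand-in: on failure returns NULL, out-params unwritten. */
static unsigned char *load_frames(const unsigned char *buf, size_t len,
                                  int *w, int *h, int *z)
{
    if (len < 3) return NULL;
    size_t n = (size_t)buf[0] * buf[1] * buf[2];
    if (n == 0 || len - 3 < n) return NULL;   /* *w, *h, *z stay unwritten */
    unsigned char *px = malloc(n);
    if (px == NULL) return NULL;
    memcpy(px, buf + 3, n);
    *w = buf[0]; *h = buf[1]; *z = buf[2];
    return px;
}

/* Reverse the row order inside each of the z slices, in place. */
static void flip_slices(unsigned char *px, int w, int h, int z)
{
    for (int s = 0; s < z; ++s) {
        unsigned char *slice = px + (size_t)s * w * h;
        for (int top = 0, bot = h - 1; top < bot; ++top, --bot)
            for (int c = 0; c < w; ++c) {
                unsigned char t = slice[top * w + c];
                slice[top * w + c] = slice[bot * w + c];
                slice[bot * w + c] = t;
            }
    }
}

/* Flawed shape from the report: px = load_frames(...); flip_slices(px, w, h, z);
   with no check in between. Guarded caller: */
unsigned char *load_flipped(const unsigned char *buf, size_t len,
                            int *w, int *h, int *z)
{
    *w = *h = *z = 0;                  /* defined values even on failure */
    unsigned char *px = load_frames(buf, len, w, h, z);
    if (px == NULL) return NULL;       /* never flip a failed load */
    flip_slices(px, *w, *h, *z);
    return px;
}

int main(void)
{
    const unsigned char cut[] = {2, 2, 1, 1};  /* constructed: truncated input */
    int w, h, z;
    return load_flipped(cut, sizeof cut, &w, &h, &z) == NULL ? 0 : 1;
}
```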

Comment 1 ybuenos 2023-10-25 13:11:32 UTC
Created assimp tracking bugs for this issue:

Affects: epel-8 [bug 2246114]


Created stb tracking bugs for this issue:

Affects: epel-all [bug 2246113]
Affects: fedora-all [bug 2246112]

Comment 2 Fedora Update System 2023-10-26 01:01:25 UTC
FEDORA-2023-58af3a2eca has been pushed to the Fedora 40 stable repository.
If the problem still persists, please make note of it in this bug report.

