Nick Verigakis

2 exploits Active since Oct 2023

CVE-2023-45663 WRITEUP MEDIUM WRITEUP

Nothings Stb Image.h - Use of Uninitialized Resource

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.

CVSS 5.3

View Code

CVE-2023-45667 WRITEUP MEDIUM WRITEUP

Nothings Stb Image.h - NULL Pointer Dereference

stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.

CVSS 5.3

View Code