CVE-2023-43281

MEDIUM

Nothings Stb Image.h <2.28 - Memory Corruption

Title source: llm

Description

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

References (5)

[Exploit, Third Party Advisory] https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac

[Exploit, Third Party Advisory] https://github.com/peccc/double-stb

View Exploit ZIP pw:eip

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/

Scores

CVSS v3 6.5

EPSS 0.0020

EPSS Percentile 42.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

nothings/stb_image.h

Timeline

Published Oct 25, 2023

Tracked Since Feb 18, 2026