Vulnerability Details CVE-2021-42715
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.1%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/nothings/stb/issues/1224
- https://github.com/nothings/stb/pull/1223
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/
- https://github.com/nothings/stb/issues/1224
- https://github.com/nothings/stb/pull/1223
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/
Products affected by CVE-2021-42715
-
cpe:2.3:a:nothings:stb_image.h:1.33
-
cpe:2.3:a:nothings:stb_image.h:1.34
-
cpe:2.3:a:nothings:stb_image.h:1.35
-
cpe:2.3:a:nothings:stb_image.h:1.36
-
cpe:2.3:a:nothings:stb_image.h:1.37
-
cpe:2.3:a:nothings:stb_image.h:1.38
-
cpe:2.3:a:nothings:stb_image.h:1.39
-
cpe:2.3:a:nothings:stb_image.h:1.40
-
cpe:2.3:a:nothings:stb_image.h:1.41
-
cpe:2.3:a:nothings:stb_image.h:1.42
-
cpe:2.3:a:nothings:stb_image.h:1.43
-
cpe:2.3:a:nothings:stb_image.h:1.44
-
cpe:2.3:a:nothings:stb_image.h:1.45
-
cpe:2.3:a:nothings:stb_image.h:1.46
-
cpe:2.3:a:nothings:stb_image.h:1.47
-
cpe:2.3:a:nothings:stb_image.h:1.48
-
cpe:2.3:a:nothings:stb_image.h:2.00
-
cpe:2.3:a:nothings:stb_image.h:2.01
-
cpe:2.3:a:nothings:stb_image.h:2.02
-
cpe:2.3:a:nothings:stb_image.h:2.03
-
cpe:2.3:a:nothings:stb_image.h:2.04
-
cpe:2.3:a:nothings:stb_image.h:2.05
-
cpe:2.3:a:nothings:stb_image.h:2.06
-
cpe:2.3:a:nothings:stb_image.h:2.07
-
cpe:2.3:a:nothings:stb_image.h:2.08
-
cpe:2.3:a:nothings:stb_image.h:2.09
-
cpe:2.3:a:nothings:stb_image.h:2.10
-
cpe:2.3:a:nothings:stb_image.h:2.11
-
cpe:2.3:a:nothings:stb_image.h:2.12
-
cpe:2.3:a:nothings:stb_image.h:2.13
-
cpe:2.3:a:nothings:stb_image.h:2.14
-
cpe:2.3:a:nothings:stb_image.h:2.15
-
cpe:2.3:a:nothings:stb_image.h:2.16
-
cpe:2.3:a:nothings:stb_image.h:2.17
-
cpe:2.3:a:nothings:stb_image.h:2.18
-
cpe:2.3:a:nothings:stb_image.h:2.19
-
cpe:2.3:a:nothings:stb_image.h:2.20
-
cpe:2.3:a:nothings:stb_image.h:2.21
-
cpe:2.3:a:nothings:stb_image.h:2.22
-
cpe:2.3:a:nothings:stb_image.h:2.23
-
cpe:2.3:a:nothings:stb_image.h:2.24
-
cpe:2.3:a:nothings:stb_image.h:2.25
-
cpe:2.3:a:nothings:stb_image.h:2.26
-
cpe:2.3:a:nothings:stb_image.h:2.27
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35