NULL pointer dereference in the stb_image.h #1452
This was referenced Feb 25, 2023
sezero added a commit to libsdl-org/SDL_image that referenced this issue Feb 25, 2023
Mainstream pull requests: nothings/stb#1454 Related mainstream issue tickets: nothings/stb#1452
U2FsdGVkX1 pushed a commit to fedora-riscv/usd that referenced this issue Aug 12, 2023
Ensure we have a fix for null pointer dereference bug nothings/stb#1452.
U2FsdGVkX1 pushed a commit to fedora-riscv/stb that referenced this issue Aug 12, 2023
Tracking CVE numbers: this is https://nvd.nist.gov/vuln/detail/CVE-2023-43898 (#1521), and its equivalent in Servo's Rust port is https://rustsec.org/advisories/RUSTSEC-2023-0021.html.
I discovered a null pointer dereference vulnerability in the stb_image.h of libsixel, which also exists in this project.
Specifically, if the `stbi__pic_load_core` function returns 0 (line 6528), `result` will be released (line 6529) and set to 0 (line 6530). This null pointer will be dereferenced in `stbi__convert_format`, which would crash the application.
stb/stb_image.h
Lines 6523 to 6535 in 5736b15
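A reduced model of the flow the report describes, added here as an example and not taken from stb_image.h: `decode_core`, `convert_rgba_to_rgb`, `load_fallthrough` and `load_checked` are hypothetical names, and the input bytes are constructed. The early return in `load_checked` is one way to close the gap and is not claimed to be the upstream fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the core decoder: returns 0 on truncated input. */
static int decode_core(const unsigned char *in, size_t n, unsigned char *out, size_t need) {
    if (n < need) return 0;
    memcpy(out, in, need);
    return 1;
}

/* Hypothetical converter (RGBA -> RGB): reads through `data` with no NULL check. */
static unsigned char *convert_rgba_to_rgb(unsigned char *data, size_t pixels) {
    unsigned char *rgb = malloc(pixels * 3);
    for (size_t i = 0; rgb && i < pixels; i++) memcpy(rgb + 3*i, data + 4*i, 3);
    free(data);
    return rgb;
}

/* Flow from the report: buffer freed and set to 0, then execution falls through. */
unsigned char *load_fallthrough(const unsigned char *in, size_t n, size_t pixels) {
    unsigned char *result = malloc(pixels * 4);
    if (!result) return NULL;
    if (!decode_core(in, n, result, pixels * 4)) {
        free(result);
        result = 0;
    }
    return convert_rgba_to_rgb(result, pixels);   /* NULL read when decode failed */
}

/* Hardened flow: stop as soon as the decoder reports failure. */
unsigned char *load_checked(const unsigned char *in, size_t n, size_t pixels) {
    unsigned char *result = malloc(pixels * 4);
    if (!result) return NULL;
    if (!decode_core(in, n, result, pixels * 4)) {
        free(result);
        return NULL;
    }
    return convert_rgba_to_rgb(result, pixels);
}

int main(void) {
    const unsigned char px[8] = {1,2,3,255, 4,5,6,255};   /* constructed: 2 RGBA pixels */
    unsigned char *ok = load_checked(px, sizeof px, 2);
    printf("full: %s, truncated: %s\n", ok ? "decoded" : "failed",
           load_checked(px, 5, 2) ? "decoded" : "rejected");
    free(ok);
    return 0;
}
```

Both functions behave identically on well-formed input; they differ only when the decoder fails, which is why this class of bug tends to surface under fuzzing rather than in ordinary tests.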