Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NULL pointer derefence in PIC loading (CVE-2023-43898) #1521

Open
mmuehlenhoff opened this issue Oct 4, 2023 · 3 comments
Open

NULL pointer derefence in PIC loading (CVE-2023-43898) #1521

mmuehlenhoff opened this issue Oct 4, 2023 · 3 comments

Comments

@mmuehlenhoff
Copy link

This appeared in the CVE feed updates, apparently someone requested a CVE ID (https://www.cve.org/CVERecord?id=CVE-2023-43898) for https://github.com/peccc/null-stb, but failed to actually report it to you...
@NBickford-NV
Copy link
Contributor

I'm going to link this issue with the original report in #1452 and the patch in #1454 - thanks!

This was referenced Oct 4, 2023
Open
Open
@tom-seddon
Copy link

Googling suggests the PIC support's main current purpose is to allow automated fuzzers to find new ways to make stb_image crash. I can't imagine anybody still needs to do anything with the early-2000s-era Maya assets from Sega that prompted me to cobble this stuff together in the first place - so maybe it's time to take this code out back and send it to a farm upstate?

--Tom

@tom-seddon
Copy link

If nobody is using this code, it needs to be removed.

If anybody is using it, let's remove it anyway - they can switch to using PNG instead.

I can do a PR if there is any interest.

--Tom

@JarLob JarLob mentioned this issue Oct 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tom-seddon @mmuehlenhoff @NBickford-NV