VDB
CVE-2018-16981
CVE-2018-16981
PUBLISHED
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
EPSS 0.36% · 58.7th percentile
Risk Scores
EPSS Score
0.36%
58.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | catimg | 0, 2.5.0-1 |
| Ubuntu:20.04:LTS | libsfml | 0, 2.5.1+dfsg-1build1, 2.5.1+dfsg-1 |
| Ubuntu:24.04:LTS | libsfml | 0, 2.5.1+dfsg-2build1, 2.6.1+dfsg-2 |
| Ubuntu:22.04:LTS | zam-plugins | 0, 3.14~repack3-1 |
| Ubuntu:25.10 | libsfml | 2.6.2+dfsg-2build1, 0 |
| Ubuntu:25.10 | zam-plugins | 0, * |
| Ubuntu:24.04:LTS | ccextractor | *, 0, 0.94+ds1-3build3 |
| Ubuntu:25.10 | catimg | 2.7.0-2, 0, 2.7.0-4 |
| Ubuntu:24.04:LTS | zam-plugins | 4.1+ds-3, 0, 4.1+ds-2 |
| Ubuntu:24.04:LTS | retroarch | 1.18.0+dfsg-1, 0, 1.14.0+dfsg-1build1 |
| Ubuntu:20.04:LTS | love | 0, 11.3-1, 11.1-2 |
| Ubuntu:22.04:LTS | love | 0, 11.3-1 |
| Ubuntu:20.04:LTS | libsixel | 1.8.2-1, 0, 1.8.2-2.1 |
| Ubuntu:24.04:LTS | love | 0, 11.5-1, 11.4-1 |
| Ubuntu:22.04:LTS | retroarch | 0, 1.7.3+dfsg1-1.1build1 |
| Ubuntu:22.04:LTS | libsixel | 1.10.3-2, 0, 1.8.6-2 |
| Ubuntu:Pro:20.04:LTS | mame | 0, *, * |
| Ubuntu:22.04:LTS | ccextractor | 0, 0.93+ds2-2, 0.93+ds2-1ubuntu1 |
| Ubuntu:24.04:LTS | libsixel | 0, 1.10.3-3build1, 1.10.3-3 |
| Ubuntu:25.10 | libsixel | 0, 1.10.5-1 |
…and 40 more
Exploit Intelligence
Timeline
- Sep 12, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-16981 third-party-advisory
- https://github.com/nothings/stb/issues/656 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-16981 third-party-advisory
- https://ubuntu.com/security/notices/USN-7913-1 vendor-advisory