CVE-2021-42715
PUBLISHED
CVSS 5.5 MEDIUM
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
EPSS 0.18% · 39.1th percentile
Risk Scores
- CVSS 3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
- EPSS Score: 0.18% (39.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 10.0 |
| nothings | stb_image.h | 1.33 |
| fedoraproject | fedora | 34, 35, 33 |
Exploit Intelligence
- https://github.com/nothings/stb/issues/1224 (circl)
- https://github.com/nothings/stb/pull/1223 (circl)
- FEDORA-2021-001f25d986 (circl)
- FEDORA-2021-d1446cd1ac (circl)
- FEDORA-2021-f8ba4a690e (circl)
- FEDORA-2021-0511a38484 (circl)
- FEDORA-2021-082bea5b34 (circl)
- FEDORA-2021-3fc69d203c (circl)
- FEDORA-2021-8ea648186c (circl)
- FEDORA-2021-16d848834d (circl)
…and 2 more exploits
Timeline
- Oct 21, 2021 CVE Published
- Oct 22, 2021 EPSS Score
- Oct 31, 2021 EPSS Score
- Dec 17, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 11, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 9, 2022 EPSS Score
- Jun 4, 2022 EPSS Score
- Jul 31, 2022 EPSS Score
- Nov 20, 2022 EPSS Score
- Jan 16, 2023 EPSS Score
References
- https://github.com/nothings/stb/issues/1224 url
- https://github.com/nothings/stb/pull/1223 url
- FEDORA-2021-001f25d986 vendor-advisory
- FEDORA-2021-d1446cd1ac vendor-advisory
- FEDORA-2021-f8ba4a690e vendor-advisory
- FEDORA-2021-0511a38484 vendor-advisory
- FEDORA-2021-082bea5b34 vendor-advisory
- FEDORA-2021-3fc69d203c vendor-advisory
- FEDORA-2021-8ea648186c vendor-advisory
- FEDORA-2021-16d848834d vendor-advisory
- FEDORA-2022-832689aa6b vendor-advisory
- [debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2021-42715 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N url
…and 2 more