VDB
CVE-2021-42716
CVE-2021-42716
PUBLISHED
CVSS 7.099999904632568 HIGH
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
EPSS 0.25% · 48.7th percentile
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score
0.25%
48.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| fedoraproject | fedora | 34, 35, 33 |
| nothings | stb_image.h | 2.27 |
Exploit Intelligence
- https://github.com/nothings/stb/issues/1166 (nist-nvd)
- https://github.com/nothings/stb/issues/1225 (nist-nvd)
- https://github.com/nothings/stb/pull/1223 (circl)
- FEDORA-2021-001f25d986 (circl)
- FEDORA-2021-d1446cd1ac (circl)
- FEDORA-2021-f8ba4a690e (circl)
- FEDORA-2021-0511a38484 (circl)
- FEDORA-2021-082bea5b34 (circl)
- FEDORA-2021-3fc69d203c (circl)
- FEDORA-2021-8ea648186c (circl)
…and 2 more exploits
Timeline
- Oct 21, 2021 CVE Published
- Oct 22, 2021 EPSS Score
- Oct 31, 2021 EPSS Score
- Dec 17, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 11, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 9, 2022 EPSS Score
- Jun 4, 2022 EPSS Score
- Jul 31, 2022 EPSS Score
- Nov 20, 2022 EPSS Score
- Jan 16, 2023 EPSS Score
References
- https://github.com/nothings/stb/issues/1166 url
- https://github.com/nothings/stb/pull/1223 url
- https://github.com/nothings/stb/issues/1225 url
- FEDORA-2021-001f25d986 vendor-advisory
- FEDORA-2021-d1446cd1ac vendor-advisory
- FEDORA-2021-f8ba4a690e vendor-advisory
- FEDORA-2021-0511a38484 vendor-advisory
- FEDORA-2021-082bea5b34 vendor-advisory
- FEDORA-2021-3fc69d203c vendor-advisory
- FEDORA-2021-8ea648186c vendor-advisory
- FEDORA-2021-16d848834d vendor-advisory
- FEDORA-2022-832689aa6b vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-42716 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N url
…and 2 more