VDB
CVE-2022-28041
CVE-2022-28041
PUBLISHED
CVSS 6.5 MEDIUM
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
EPSS 1.12% · 78.6th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
1.12%
78.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 36, 34, 35 |
| n/a | n/a | n/a |
| nothings | stb_image.h | 2.27 |
| debian | debian_linux | 10.0 |
Timeline
- Apr 15, 2022 CVE Published
- Apr 16, 2022 EPSS Score
- Jun 5, 2022 EPSS Score
- Sep 14, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
- Dec 24, 2022 EPSS Score
- Feb 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 23, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
References
- https://github.com/nothings/stb/issues/1292 url
- https://github.com/nothings/stb/pull/1297 url
- FEDORA-2022-29327a4b98 vendor-advisory
- FEDORA-2022-fe84314a8e vendor-advisory
- FEDORA-2022-832689aa6b vendor-advisory
- FEDORA-2022-61f6ee6353 vendor-advisory
- FEDORA-2022-bc606b86f4 vendor-advisory
- FEDORA-2022-cc64b21327 vendor-advisory
- FEDORA-2022-c87bba6546 vendor-advisory
- FEDORA-2022-e22f1a8c17 vendor-advisory
- FEDORA-2022-c8f6a39cf6 vendor-advisory
- FEDORA-2022-0125d9cd29 vendor-advisory
- [debian-lts-announce] 20230131 [SECURITY] [DLA 3305-1] libstb security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2022-28041 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G6JJJQ5JABTPF5H2L5FQGLILYLIGPW6 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52ZIQAFEG7A6TO526OJ7OA4GSEZQ2WEG url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J72YJQ3R5MG23GECPUCLAWPPZ6TZPG7U url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIRW5D4CJIDS6FHOGHSS42SSDDKQMXPN url
…and 4 more