CVE-2023-43898 — Vulnetix

CVE-2023-43898 PUBLISHED CVSS 5.5 MEDIUM

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

EPSS 0.02% · 7.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.02%

7.2th percentile

Affected Products

Vendor	Product	Versions
nothings	stb_image.h	2.28
n/a	n/a	n/a

Timeline

Oct 3, 2023 CVE Published
Oct 4, 2023 EPSS Score
Nov 5, 2023 EPSS Score
Dec 6, 2023 EPSS Score
Jan 7, 2024 EPSS Score
Feb 7, 2024 EPSS Score
Mar 10, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 12, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 15, 2024 EPSS Score
Aug 15, 2024 EPSS Score

References

https://github.com/nothings/stb/issues/1452 url
https://github.com/peccc/null-stb url
https://github.com/nothings/stb/pull/1454 url
https://nvd.nist.gov/vuln/detail/CVE-2023-43898 advisory

Open in Interactive Console →