Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wcGpyLTI2N2otNXA5eM4AAyMh
NULL pointer derefernce in `stb_image`
A bug in error handling in the stb_image C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stb_image Rust crate, by patching the C code to correctly handle NULL pointers.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcGpyLTI2N2otNXA5eM4AAyMh
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 10 months ago
Identifiers: GHSA-ppjr-267j-5p9x
References:
- https://github.com/servo/rust-stb-image/pull/102
- https://rustsec.org/advisories/RUSTSEC-2023-0021.html
- https://github.com/advisories/GHSA-ppjr-267j-5p9x
Blast Radius: 0.0
Affected Packages
cargo:stb_image
Dependent packages: 7Dependent repositories: 13
Downloads: 74,611 total
Affected Version Ranges: < 0.2.5
Fixed in: 0.2.5
All affected versions: 0.1.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4
All unaffected versions: 0.2.5, 0.3.0