CVE-2021-42716

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-42716
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42716.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-42716
Downstream
Related
Published
2021-10-21T19:15:08.083Z
Modified
2026-02-15T07:44:47.777552Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in stb stbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stbimage, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

References

Affected packages

Git / gitlab.gnome.org/GNOME/glib

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/glib
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dda9707377f43c827860dbce8bf09c7b98e2ad14

Affected versions

2.*
2.20.0
2.20.1
2.21.1
2.21.2
2.21.3
2.21.4
2.21.5
2.21.6
2.22.0
2.22.2
2.23.0
2.23.1
2.23.2
2.23.3
2.23.4
2.23.5
2.23.6
2.24.0
2.25.0
2.25.10
2.25.11
2.25.12
2.25.13
2.25.14
2.25.15
2.25.2
2.25.3
2.25.4
2.25.5
2.25.6
2.25.8
2.25.9
2.27.0
Other
FOR_GNOME_0_99_1
GLIB_1_1_0
GLIB_1_1_1
GLIB_1_1_10
GLIB_1_1_11
GLIB_1_1_12
GLIB_1_1_13
GLIB_1_1_14
GLIB_1_1_15
GLIB_1_1_16
GLIB_1_1_2
GLIB_1_1_3
GLIB_1_1_3a
GLIB_1_1_4
GLIB_1_1_5
GLIB_1_1_6
GLIB_1_1_7
GLIB_1_1_8
GLIB_1_1_8a
GLIB_1_1_9
GLIB_1_2_0
GLIB_1_2_9PRE1
GLIB_1_3_0
GLIB_1_3_1
GLIB_1_3_10
GLIB_1_3_11
GLIB_1_3_12
GLIB_1_3_13
GLIB_1_3_14
GLIB_1_3_15
GLIB_1_3_2
GLIB_1_3_3
GLIB_1_3_4
GLIB_1_3_5
GLIB_1_3_6
GLIB_1_3_7
GLIB_1_3_8
GLIB_1_3_9
GLIB_2_0_0
GLIB_2_0_0_RC1
GLIB_2_0_1
GLIB_2_10_0
GLIB_2_10_1
GLIB_2_11_0
GLIB_2_11_1
GLIB_2_11_2
GLIB_2_11_3
GLIB_2_11_4
GLIB_2_12_0
GLIB_2_12_1
GLIB_2_12_2
GLIB_2_13_0
GLIB_2_13_1
GLIB_2_13_2
GLIB_2_13_3
GLIB_2_13_5
GLIB_2_13_6
GLIB_2_13_7
GLIB_2_14_0
GLIB_2_14_1
GLIB_2_14_2
GLIB_2_14_3
GLIB_2_15_1
GLIB_2_15_2
GLIB_2_15_3
GLIB_2_15_4
GLIB_2_15_5
GLIB_2_15_6
GLIB_2_16_1
GLIB_2_17_0
GLIB_2_17_1
GLIB_2_17_2
GLIB_2_17_3
GLIB_2_17_4
GLIB_2_17_5
GLIB_2_17_6
GLIB_2_17_7
GLIB_2_18_0
GLIB_2_18_1
GLIB_2_19_0
GLIB_2_19_1
GLIB_2_19_10
GLIB_2_19_2
GLIB_2_19_3
GLIB_2_19_4
GLIB_2_19_5
GLIB_2_19_6
GLIB_2_19_7
GLIB_2_19_8
GLIB_2_19_9
GLIB_2_1_3
GLIB_2_1_4
GLIB_2_1_5
GLIB_2_20_0
GLIB_2_2_0
GLIB_2_3_0
GLIB_2_3_1
GLIB_2_3_2
GLIB_2_3_3
GLIB_2_3_5
GLIB_2_3_6
GLIB_2_4_0
GLIB_2_4_1
GLIB_2_5_0
GLIB_2_5_1
GLIB_2_5_2
GLIB_2_5_3
GLIB_2_5_5
GLIB_2_5_6
GLIB_2_6_0
GLIB_2_6_1
GLIB_2_7_0
GLIB_2_7_1
GLIB_2_7_2
GLIB_2_7_3
GLIB_2_7_4
GLIB_2_7_5
GLIB_2_7_6
GLIB_2_7_7
GLIB_2_8_0
GLIB_2_8_1
GLIB_2_9_0
GLIB_2_9_1
GLIB_2_9_2
GLIB_2_9_3
GLIB_2_9_4
GLIB_2_9_5
GLIB_2_9_6
GLIB_GNOME_0_99_1
GLIB_VERSION_1_1_3
GNOME_PRINT_0_24
GOBJECT_GType_guint
GTK_2_5_4
GTK_2_7_4
GTK_ALL_1_3_6
PRE_CLEANUP
R_2_0_core
glib-2-0-branchpoint
glib-2-10-branchpoint
glib-2-12-branchpoint
glib-2-2-branchpoint
glib-2-4-branchpoint
glib-2-6-branchpoint
gobject_0_10_0
gobject_0_9_0
start
glib-2.*
glib-2.25.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42716.json"