DEBIAN-CVE-2023-45663

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-45663
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-45663.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-45663
Upstream
Published
2023-10-21T00:15:08Z
Modified
2025-09-17T19:02:51Z
Summary
[none]
Details

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: in the stbi__hdr_load function and in the stbi__tga_load function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.

References

Affected packages

Debian:11 / libstb

Package

Name
libstb
Purl
pkg:deb/debian/libstb?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libstb

Package

Name
libstb
Purl
pkg:deb/debian/libstb?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libstb

Package

Name
libstb
Purl
pkg:deb/debian/libstb?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libstb

Package

Name
libstb
Purl
pkg:deb/debian/libstb?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}