CVE-2023-43281

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-43281
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac Exploit Third Party Advisory
https://github.com/peccc/double-stb Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/
Configurations

Configuration 1 (hide)

cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*
History

07 Nov 2023, 04:21

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/', 'name': 'FEDORA-2023-def2f95af4', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/', 'name': 'FEDORA-2023-a93c06a1d9', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/', 'name': 'FEDORA-2023-d486d13cfd', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/ -

04 Nov 2023, 06:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/ -

03 Nov 2023, 23:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/ -

31 Oct 2023, 20:00

Type Values Removed Values Added
References (MISC) https://github.com/peccc/double-stb - (MISC) https://github.com/peccc/double-stb - Exploit, Third Party Advisory
References (MISC) https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac - (MISC) https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-415
First Time Nothings
Nothings stb Image.h
CPE cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*

25 Oct 2023, 18:17

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-25 18:17

Updated : 2023-12-10 15:14

NVD link : CVE-2023-43281

Mitre link : CVE-2023-43281

CVE.ORG link : CVE-2023-43281

JSON object : View

Products Affected

nothings

  • stb_image.h
CWE
CWE-415

Double Free