Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2023-43281

Double Free

Published: Oct 25, 2023 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2023-43281
CWEhttps://cwe.mitre.org/data/definitions/415.html

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Stb_image.h Nothings 2.28 (including) 2.28 (including)
Arm-compute-library Ubuntu bionic *
Arm-compute-library Ubuntu lunar *
Arm-compute-library Ubuntu mantic *
Arm-compute-library Ubuntu trusty *
Arm-compute-library Ubuntu xenial *
Armnn Ubuntu bionic *
Armnn Ubuntu lunar *
Armnn Ubuntu mantic *
Armnn Ubuntu trusty *
Armnn Ubuntu xenial *
Bibledit Ubuntu bionic *
Bibledit Ubuntu lunar *
Bibledit Ubuntu mantic *
Bibledit Ubuntu trusty *
Bibledit Ubuntu xenial *
Bibledit-cloud Ubuntu bionic *
Bibledit-cloud Ubuntu lunar *
Bibledit-cloud Ubuntu mantic *
Bibledit-cloud Ubuntu trusty *
Bibledit-cloud Ubuntu xenial *
Emscripten Ubuntu bionic *
Emscripten Ubuntu lunar *
Emscripten Ubuntu mantic *
Emscripten Ubuntu trusty *
Emscripten Ubuntu xenial *
Goxel Ubuntu bionic *
Goxel Ubuntu lunar *
Goxel Ubuntu mantic *
Goxel Ubuntu trusty *
Goxel Ubuntu xenial *
Libsfml Ubuntu bionic *
Libsfml Ubuntu lunar *
Libsfml Ubuntu mantic *
Libsfml Ubuntu trusty *
Libsfml Ubuntu xenial *
Libstb Ubuntu bionic *
Libstb Ubuntu lunar *
Libstb Ubuntu mantic *
Libstb Ubuntu trusty *
Libstb Ubuntu xenial *
Love Ubuntu bionic *
Love Ubuntu lunar *
Love Ubuntu mantic *
Love Ubuntu trusty *
Love Ubuntu xenial *
Mame Ubuntu bionic *
Mame Ubuntu lunar *
Mame Ubuntu mantic *
Mame Ubuntu trusty *
Mame Ubuntu xenial *
Timg Ubuntu bionic *
Timg Ubuntu lunar *
Timg Ubuntu mantic *
Timg Ubuntu trusty *
Timg Ubuntu xenial *
Tiny-dnn Ubuntu bionic *
Tiny-dnn Ubuntu lunar *
Tiny-dnn Ubuntu mantic *
Tiny-dnn Ubuntu trusty *
Tiny-dnn Ubuntu xenial *
Utox Ubuntu bionic *
Utox Ubuntu lunar *
Utox Ubuntu mantic *
Utox Ubuntu trusty *
Utox Ubuntu xenial *
Visp Ubuntu bionic *
Visp Ubuntu lunar *
Visp Ubuntu mantic *
Visp Ubuntu trusty *
Visp Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use