CVE Vulnerabilities

CVE-2023-45664

Double Free

Published: Oct 21, 2023 | Modified: Nov 04, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger stbi__load_gif_main_outofmem attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Stb_image.h Nothings 2.28 (including) 2.28 (including)
Libstb Ubuntu bionic *
Libstb Ubuntu lunar *
Libstb Ubuntu mantic *
Libstb Ubuntu trusty *
Libstb Ubuntu xenial *

Potential Mitigations

References