OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-22 11:25:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

NULL pointer dereference in stb_image (#1647)

Browse Source
This commit is contained in:
Matt Brubeck
2023-03-19 08:52:01 -07:00
committed by GitHub
parent 0888b44843
commit 06a7d1fd04
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
crates/stb_image/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "stb_image"
date = "2023-03-19"
url = "https://github.com/servo/rust-stb-image/pull/102"
categories = ["memory-corruption"]
keywords = ["NULL-pointer-dereference"]
[versions]
patched = [">= 0.2.5"]
```
# NULL pointer derefernce in `stb_image`
A bug in error handling in the `stb_image` C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the `stb_image` Rust crate, by patching the C code to correctly handle NULL pointers.
Thank you to GitHub user 0xdd96 for finding and fixing this vulnerability.