Home/Product/nothings stb image.h
Product

nothings stb image.h

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-3409
<= 2025-03-14
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string.
6.3MEDIUM
 CVE-2025-3408
<= 2025-03-14
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb
6.3MEDIUM
 CVE-2025-3407
<= 2025-03-14
A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the f
6.3MEDIUM
 CVE-2025-3406
<= 2025-03-14
A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_bui
4.3MEDIUM
 CVE-2023-43281
all versions
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file
6.5MEDIUM
 CVE-2023-45667
all versions
stb_image is a single file MIT licensed library for processing images. If stbi__load_gif_main in stbi_load_gif_from_memory fa
5.3MEDIUM
 CVE-2023-45666
all versions
stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guar
7.3HIGH
 CVE-2023-45664
all versions
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outof
7.3HIGH
 CVE-2023-45663
all versions
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes f
5.3MEDIUM
 CVE-2023-45662
all versions
stb_image is a single file MIT licensed library for processing images. When stbi_set_flip_vertically_on_load is set to TRUE an
6.5MEDIUM
 CVE-2023-45661
all versions
stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read
6.5MEDIUM
 CVE-2023-43898
all versions
Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability a
5.5MEDIUM
 CVE-2022-28042
all versions
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
8.8HIGH
 CVE-2022-28041
all versions
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerabili
6.5MEDIUM
 CVE-2021-42716
all versions
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting
7.1HIGH
 CVE-2021-42715
>= 1.33 and <= 2.27
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infi
5.5MEDIUM
 CVE-2019-20056
all versions
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned
6.5MEDIUM
 CVE-2019-19777
all versions
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__lo
8.8HIGH
 CVE-2018-16981
all versions
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_cod
8.8HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin