OESA-2024-1262

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1262
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1262.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-1262
Upstream
Published
2024-03-08T11:07:10Z
Modified
2025-09-03T06:19:31.206233Z
Summary
stb security update
Details

Single-file public domain libraries for C/C++.

Security Fix(es):

stb_image is a single file MIT licensed library for processing images. It may look like stbi__load_gif_main doesn’t give guarantees about the content of output value *delays upon failure. Although it sets *delays to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to stbi__load_gif_main_outofmem only frees possibly allocated memory in *delays without resetting it to zero. Thus it would be fair to say the caller of stbi__load_gif_main is responsible to free the allocated memory in *delays only if stbi__load_gif_main returns a non null value. However at the same time the function may return null value, but fail to free the memory in *delays if internally stbi__convert_format is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free delays only when stbi__load_gif_main didn’t fail or to a double-free if the delays is always freed(CVE-2023-45666)

stb_image is a single file MIT licensed library for processing images.

If stbi__load_gif_main in stbi_load_gif_from_memory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbi__vertical_flip_slices with the null pointer result value and the uninitialized z value. This may result in a program crash.(CVE-2023-45667)

Database specific 
{
    "severity": "Critical"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / stb

Package

Name
stb
Purl
pkg:rpm/openEuler/stb&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20220908git8b5f1f3-0.12.oe2203sp3

Ecosystem specific 

{
    "src": [
        "stb-0.20220908git8b5f1f3-0.12.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "stb_connected_components-devel-0.96.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_truetype-devel-1.26.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_herringbone_wang_tile-devel-0.7.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_vorbis-devel-1.22.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_divide-devel-0.94.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_tilemap_editor-devel-0.42.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_dxt-devel-1.12.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_rect_pack-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb-devel-0.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_perlin-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_textedit-devel-1.14.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_leakcheck-devel-0.6.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_easy_font-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_hexwave-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_ds-devel-0.67.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_image_write-devel-1.16.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_image-devel-2.27.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_voxel_render-devel-0.89.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_image_resize-devel-0.97.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_sprintf-devel-1.10.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm",
        "stb_c_lexer-devel-0.12.20220908git8b5f1f3-0.12.oe2203sp3.x86_64.rpm"
    ],
    "noarch": [
        "stb-help-0.20220908git8b5f1f3-0.12.oe2203sp3.noarch.rpm"
    ],
    "aarch64": [
        "stb_perlin-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_connected_components-devel-0.96.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb-devel-0.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_image-devel-2.27.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_easy_font-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_vorbis-devel-1.22.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_dxt-devel-1.12.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_ds-devel-0.67.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_rect_pack-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_sprintf-devel-1.10.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_divide-devel-0.94.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_truetype-devel-1.26.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_voxel_render-devel-0.89.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_c_lexer-devel-0.12.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_image_resize-devel-0.97.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_hexwave-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_herringbone_wang_tile-devel-0.7.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_image_write-devel-1.16.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_tilemap_editor-devel-0.42.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_leakcheck-devel-0.6.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm",
        "stb_textedit-devel-1.14.20220908git8b5f1f3-0.12.oe2203sp3.aarch64.rpm"
    ]
}