
We found results for “”
CVE-2021-42715
Good to know:

Date: October 20, 2021
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
Language: C
Severity Score
Related Resources (25)
Severity Score
Weakness Type (CWE)
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-835Top Fix

Upgrade Version
Upgrade to version Microsoft.NET.Runtime.Emscripten.3.1.7.Sdk.linux-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.12.Sdk.linux-x64 - no_fix;mario-deluna/php-glfw - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.23.Sdk.linux-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.linux-arm64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.win-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.linux-musl-arm64 - no_fix;com.basemark.rocksolidsdk - 0.1.5;Microsoft.NET.Runtime.Emscripten.3.1.12.Sdk.win-x64 - no_fix;torch-sys - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.12.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.linux-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.12.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.21.Sdk.win-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.linux-musl-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.7.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.21.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.12.Sdk.linux-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.30.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.23.Sdk.win-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.7.Sdk.win-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.30.Sdk.win-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.21.Sdk.linux-x64 - no_fix;sixel-sys - 0.5.0;Microsoft.NET.Runtime.Emscripten.2.0.23.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.30.Sdk.linux-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.12.Sdk.win-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.win-arm64 - no_fix;ffui - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Sdk.osx-arm64 - no_fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | PARTIAL |
Additional information: |