{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T08:39:18.859","vulnerabilities":[{"cve":{"id":"CVE-2023-45664","sourceIdentifier":"security-advisories@github.com","published":"2023-10-21T00:15:09.003","lastModified":"2024-11-21T08:27:10.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution."},{"lang":"es","value":"stb_image es una librería con licencia MIT de un solo archivo para procesar imágenes. Un archivo de imagen manipulado puede provocar que `stbi__load_gif_main_outofmem` intente liberar dos veces la variable out. Esto sucede en `stbi__load_gif_main` porque cuando el valor de `layers * stride` es cero, el comportamiento está definido por la implementación, pero es común que la realloc libere la memoria antigua y devuelva un puntero nulo. Dado que intenta liberar dos veces la memoria unas pocas líneas debajo de la primera \"free\", el problema sólo puede explotarse en un entorno de subprocesos múltiples. En el peor de los casos, esto puede provocar la ejecución del código."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*","matchCriteriaId":"76840B8F-81FC-4BC6-A92C-EBB978741DAB"}]}]}],"references":[{"url":"https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/","source":"security-advisories@github.com"},{"url":"https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}