stb is a single-file public domain library for C/C. stb_image.h is one of the image loaders. stb stb_image.h contains a security vulnerability that stems from the HDR loader parsing truncated file-tailed RLE scan lines into an infinitely long zero-length sequence. An attacker could cause a denial of service in an application using stb_image by submitting a crafted HDR file.