CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS
Percentile
60.1%
A flaw was found in stb_image. This issue occurs while processing the frame header information when the plane sampling configurations are calculated in two different ways, generating different results due to integer approximation. The value is further used to access several buffers, leading to a heap based out-of-bound read. This causes a heap data leak or an application crash, resulting in a denial of service.