Package stb updated to version 2.38-alt7.g40adb99.20241008 for branch sisyphus_loongarch64.

Published: 2022-01-25
Modified: 2024-11-21

CVE-2021-45340

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/libsixel/libsixel/issues/51
https://github.com/libsixel/libsixel/issues/51

Published: 2023-10-04
Modified: 2024-11-21

CVE-2023-43898

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/nothings/stb/issues/1452
https://github.com/nothings/stb/issues/1452
https://github.com/nothings/stb/pull/1454
https://github.com/nothings/stb/pull/1454
https://github.com/peccc/null-stb
https://github.com/peccc/null-stb

Version: 2.1.0

Package stb update in sisyphus_loongarch64 on 2025-01-21

ALT-PU-2025-1717-1

Closed vulnerabilities

CVE-2021-45340

CVE-2023-43898