mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
```toml
[advisory]
id = "RUSTSEC-2023-0021"
package = "stb_image"
date = "2023-03-19"
url = "https://github.com/servo/rust-stb-image/pull/102"
categories = ["memory-corruption"]
keywords = ["NULL-pointer-dereference"]
aliases = ["GHSA-ppjr-267j-5p9x"]

[versions]
patched = [">= 0.2.5"]
```

# NULL pointer dereference in `stb_image`

A bug in error handling in the `stb_image` C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the `stb_image` Rust crate, by patching the C code to correctly handle NULL pointers.

Thank you to GitHub user 0xdd96 for finding and fixing this vulnerability.
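To check whether a project is pinned to an affected release, the `patched = [">= 0.2.5"]` range above can be compared against the versions recorded in `Cargo.lock`. The following is an added example, not code from the advisory database or the `stb_image` crate; the function names and the sample lockfile are constructed for illustration, and it uses a simplified line scan rather than a full TOML parser.

```rust
const PACKAGE: &str = "stb_image";
const PATCHED_FROM: (u64, u64, u64) = (0, 2, 5); // advisory: patched = [">= 0.2.5"]
// Constructed Cargo.lock excerpt (sample data, not taken from a real project).
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "libc"
version = "0.2.139"
[[package]]
name = "stb_image"
version = "0.2.4"
"#;

/// Parses MAJOR.MINOR.PATCH; pre-release or malformed versions yield None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split('+').next()?; // build metadata does not affect ordering
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let parsed = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(parsed) }
}

/// Returns the quoted value of a `key = "value"` line, if `line` is one.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Lists locked `stb_image` versions that fall outside the patched range.
fn affected_versions(lockfile: &str) -> Vec<String> {
    let (mut hits, mut in_target) = (Vec::new(), false);
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_target = false;
        } else if let Some(name) = quoted_value(line, "name") {
            in_target = name == PACKAGE;
        } else if let Some(ver) = quoted_value(line, "version") {
            // Versions that cannot be parsed are reported too (fail closed).
            if in_target && parse_version(ver).map_or(true, |v| v < PATCHED_FROM) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

fn main() {
    let hits = affected_versions(SAMPLE_LOCK);
    println!("{} versions needing an upgrade: {:?}", PACKAGE, hits);
}
```

Pre-release versions such as `0.2.5-rc.1` are reported as affected because they sort below 0.2.5 and the parser deliberately rejects them.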