CVE-2022-28041: Integer Overflow
First published: Fri Apr 15 2022(Updated: )
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nothings Stb Image.h | =2.27 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/nothings/stb/issues/1292
- https://github.com/nothings/stb/pull/1297
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G6JJJQ5JABTPF5H2L5FQGLILYLIGPW6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52ZIQAFEG7A6TO526OJ7OA4GSEZQ2WEG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J72YJQ3R5MG23GECPUCLAWPPZ6TZPG7U/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIRW5D4CJIDS6FHOGHSS42SSDDKQMXPN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHTD76NDEN77KCPI3XGGK2VVSA25WWEG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEQGDVH43YW7AG7TRU2CTU5TMIYP27WP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIRW5D4CJIDS6FHOGHSS42SSDDKQMXPN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEQGDVH43YW7AG7TRU2CTU5TMIYP27WP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52ZIQAFEG7A6TO526OJ7OA4GSEZQ2WEG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHTD76NDEN77KCPI3XGGK2VVSA25WWEG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G6JJJQ5JABTPF5H2L5FQGLILYLIGPW6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J72YJQ3R5MG23GECPUCLAWPPZ6TZPG7U/
Frequently Asked Questions
What is CVE-2022-28041?
CVE-2022-28041 is a vulnerability in stb_image.h v2.27 that allows attackers to cause a Denial of Service (DoS) through an integer overflow.
How severe is CVE-2022-28041?
CVE-2022-28041 has a severity rating of 6.5, which is considered medium.
How does CVE-2022-28041 affect Nothings Stb Image.h?
CVE-2022-28041 affects Nothings Stb Image.h version 2.27.
What is the impact of CVE-2022-28041?
The impact of CVE-2022-28041 is a Denial of Service (DoS) attack.
Are there any patches available for CVE-2022-28041?
Yes, patches for CVE-2022-28041 are available. Please refer to the provided references for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nothings
- canonical/nothings stb image.h
- version/nothings stb image.h/2.27
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0