CVE-2022-28042: Use After Free
First published: Fri Apr 15 2022(Updated: )
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nothings Stb Image.h | =2.27 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/nothings/stb/issues/1289
- https://github.com/nothings/stb/pull/1297
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I4HXIWU5HBOADXZVMREHT4YTO5WVYXEQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FXLM5XL77SNH4IPTSXOQD7XL4E2EMIN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBCMJGAZRQS55SNECUWZSC5URVLEZ5R/
Frequently Asked Questions
What is the vulnerability ID for this issue in stb_image.h v2.27?
The vulnerability ID for this issue in stb_image.h v2.27 is CVE-2022-28042.
What is the description of the vulnerability?
The vulnerability in stb_image.h v2.27 is a heap-based use-after-free via the function stbi__jpeg_huff_decode.
Which software versions are affected by this vulnerability?
The software versions affected by this vulnerability are stb_image.h v2.27, Fedora 34, Fedora 35, Fedora 36, and Debian Debian Linux 10.0.
What is the severity of CVE-2022-28042?
The severity of CVE-2022-28042 is high (CVSS score: 8.8).
Are there any references related to this vulnerability?
Yes, there are references related to this vulnerability. They can be found at the following links: [Link 1](https://github.com/nothings/stb/issues/1289), [Link 2](https://github.com/nothings/stb/pull/1297), [Link 3](https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/nothings
- canonical/nothings stb image.h
- version/nothings stb image.h/2.27
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0