Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Double-free in stbi__load_gif_main_outofmem in stb_image
Vulnerability Description
stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
双重释放
Vulnerability Title
stb_image 资源管理错误漏洞
Vulnerability Description
stb是一款用于C/C ++的单文件公共域库。 stb_image 存在安全漏洞,该漏洞源于可能导致双重释放。
CVSS Information
N/A
Vulnerability Type
N/A