An update for stb is now available for openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1263 Final 1.0 1.0 2024-03-08 Initial 2024-03-08 2024-03-08 openEuler SA Tool V1.0 2024-03-08 stb security update An update for stb is now available for openEuler-22.03-LTS-SP2. Single-file public domain libraries for C/C++. Security Fix(es): stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed(CVE-2023-45666) stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.(CVE-2023-45667) An update for stb is now available for openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical stb https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1263 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45666 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45667 https://nvd.nist.gov/vuln/detail/CVE-2023-45666 https://nvd.nist.gov/vuln/detail/CVE-2023-45667 openEuler-22.03-LTS-SP2 stb_perlin-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_c_lexer-devel-0.12.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_herringbone_wang_tile-devel-0.7.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_ds-devel-0.67.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_vorbis-devel-1.22.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_easy_font-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_tilemap_editor-devel-0.42.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_image-devel-2.27.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb-devel-0.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_rect_pack-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_truetype-devel-1.26.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_divide-devel-0.94.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_leakcheck-devel-0.6.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_hexwave-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_dxt-devel-1.12.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_connected_components-devel-0.96.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_sprintf-devel-1.10.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_voxel_render-devel-0.89.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_textedit-devel-1.14.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_image_write-devel-1.16.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb_image_resize-devel-0.97.20220908git8b5f1f3-0.12.oe2203sp2.aarch64.rpm stb-help-0.20220908git8b5f1f3-0.12.oe2203sp2.noarch.rpm stb-0.20220908git8b5f1f3-0.12.oe2203sp2.src.rpm stb_ds-devel-0.67.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_perlin-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_voxel_render-devel-0.89.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_easy_font-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_textedit-devel-1.14.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_image_write-devel-1.16.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_image-devel-2.27.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_herringbone_wang_tile-devel-0.7.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_truetype-devel-1.26.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_rect_pack-devel-1.1.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb-devel-0.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_connected_components-devel-0.96.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_leakcheck-devel-0.6.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_divide-devel-0.94.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_hexwave-devel-0.5.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_vorbis-devel-1.22.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_c_lexer-devel-0.12.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_sprintf-devel-1.10.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_dxt-devel-1.12.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_image_resize-devel-0.97.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_tilemap_editor-devel-0.42.20220908git8b5f1f3-0.12.oe2203sp2.x86_64.rpm stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed 2024-03-08 CVE-2023-45666 openEuler-22.03-LTS-SP2 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H stb security update 2024-03-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1263 stb_image is a single file MIT licensed library for processing images.If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. 2024-03-08 CVE-2023-45667 openEuler-22.03-LTS-SP2 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H stb security update 2024-03-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1263