mbrubeck
commented
1 year ago Thank you. This fix has been released in stb_image 0.2.5.
Submitted a RustSec advisory: https://github.com/rustsec/advisory-db/pull/1647
Closed 0xdd96 closed 1 year ago
mbrubeck
commented
1 year ago Thank you. This fix has been released in stb_image 0.2.5.
Submitted a RustSec advisory: https://github.com/rustsec/advisory-db/pull/1647
Related issue: https://github.com/libsixel/libsixel/issues/73 & https://github.com/nothings/stb/issues/1452
Specifically, if the
stbi__pic_load_corefunction returns 0 (line 5409),resultwill be released (line 5410) and set to 0 (line 5411). This null pointer will be dereferenced instbi__convert_format(line 5416), which would crash the application.https://github.com/servo/rust-stb-image/blob/90bce374ef8ccebbe112d71e2e7b5b8aaf3add39/src/stb_image.c#L5409-L5416