- Reported
-
- Issued
-
- Package
-
stb_image
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#NULL-pointer-dereference
- Aliases
-
- References
-
- Patched
-
Description
A bug in error handling in the stb_image C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stb_image Rust crate, by patching the C code to correctly handle NULL pointers.
Thank you to GitHub user 0xdd96 for finding and fixing this vulnerability.
Advisory available under CC0-1.0
license.