CVE-2023-45666

一、漏洞信息
 漏洞编号：[CVE-2023-45666](https://nvd.nist.gov/vuln/detail/CVE-2023-45666)
 漏洞归属组件：[stb](https://gitee.com/src-openeuler/stb)
 漏洞归属的版本：0.20220908git8b5f1f3
 CVSS V3.0分值：
  BaseScore：9.8 Critical
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 漏洞简述：
  stb_image is a single file MIT licensed library for processing images.  It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
 漏洞公开时间：2023-10-21 00:15:09
 漏洞创建时间：2023-10-21 10:09:29
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-45666
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| security-advisories.github.com | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 |  |
| security-advisories.github.com | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 |  |
| security-advisories.github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/ |  |
| security-advisories.github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/ |  |
| security-advisories.github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/ |  |
| security-advisories.github.com | https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ |  |
| redhat_bugzilla | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 | https://bugzilla.redhat.com/show_bug.cgi?id=2246109 |
| redhat_bugzilla | https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ | https://bugzilla.redhat.com/show_bug.cgi?id=2246109 |
| redhat_bugzilla | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 | https://bugzilla.redhat.com/show_bug.cgi?id=2246109 |
| cve_search |  | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 |
| cve_search |  | https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ |
| cve_search |  | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVQ7ONFH5GWLMXYEAJG32A3EUKUCEVCR/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVABVF4GEM6BYD5L4L64RCRSXUHY6LGN/ |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMXKOKPP4BKTNUTF5KSRDQAWOUILQZNO/ |
| snyk | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 | https://security.snyk.io/vuln/SNYK-UNMANAGED-NOTHINGSSTB-6026539 |
| snyk | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 | https://security.snyk.io/vuln/SNYK-UNMANAGED-NOTHINGSSTB-6026539 |
| security-advisories.github.com | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957 |  |
| security-advisories.github.com | https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045 |  |
| security-advisories.github.com | https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
      stb_image是麻省理工学院授权的用于处理图像的单文件库。看起来stbi__load_gif_main没有保证输出值*的内容在失败时延迟。尽管它在一开始就将*延迟设置为零，但在图像未被识别为GIF的情况下不会这样做，并且对stbi__load_GIF_main_outofmem的调用只释放*延迟中可能分配的内存，而不会将其重置为零。因此，可以公平地说，只有当stbi__load_gif_main返回非null值时，stbi__load_gif_man的调用方才有责任在*延迟中释放分配的内存。然而，同时，如果内部调用stbi__convert_format并失败，函数可能会返回null值，但无法在*延迟中释放内存。因此，如果调用方选择仅在stbi__load_gif_main没有失败时释放延迟，或者如果总是释放延迟，则该问题可能导致内存泄漏。  
 openEuler评分：
  9.8
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.master(0.20220908git8b5f1f3):受影响
2.openEuler-22.03-LTS-Next(0.20220908git8b5f1f3):受影响
3.openEuler-22.03-LTS-SP2(0.20220908git8b5f1f3):受影响
4.openEuler-22.03-LTS-SP3(0.20220908git8b5f1f3):受影响
5.openEuler-20.03-LTS-SP1:不受影响
6.openEuler-20.03-LTS-SP4:不受影响
7.openEuler-22.03-LTS:不受影响
8.openEuler-22.03-LTS-SP1:不受影响

修复是否涉及abi变化(是/否)：
  1.master(0.20220908git8b5f1f3):否
2.openEuler-22.03-LTS-Next(0.20220908git8b5f1f3):否
3.openEuler-22.03-LTS-SP2(0.20220908git8b5f1f3):否
4.openEuler-22.03-LTS-SP3(0.20220908git8b5f1f3):否
5.openEuler-20.03-LTS-SP1:否
6.openEuler-20.03-LTS-SP4:否
7.openEuler-22.03-LTS:否
8.openEuler-22.03-LTS-SP1:否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1263

src-openEuler/stb
Closed

Content Risk Flag

Comments (7)

src-openEuler/stbClosed .gitee-modal { width: 500px !important; }

Content Risk Flag

CVE-2023-45666

Comments (7)

Search

src-openEuler/stb
Closed