Every CVE whose affected-product data names Nothings Stb Image.h, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2022-28042 — CVSS 8.8 (high): stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
CVE-2018-16981 — CVSS 8.8 (high): stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code…
CVE-2019-19777 — CVSS 8.8 (high): stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2023-45666 — CVSS 7.3 (high): stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees…
CVE-2023-45664 — CVSS 7.3 (high): stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem`…
CVE-2021-42716 — CVSS 7.1 (high): An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA…
CVE-2023-45661 — CVSS 6.5 (medium): stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in…
CVE-2019-20056 — CVSS 6.5 (medium): stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
CVE-2022-28041 — CVSS 6.5 (medium): stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows…
CVE-2023-43281 — CVSS 6.5 (medium): Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the…
CVE-2023-45662 — CVSS 6.5 (medium): stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and…
CVE-2025-3407 — CVSS 6.3 (medium): A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2025-3408 — CVSS 6.3 (medium): A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function…
CVE-2025-3409 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The…
CVE-2021-42715 — CVSS 5.5 (medium): An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite…
CVE-2023-43898 — CVSS 5.5 (medium): Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows…
CVE-2023-45663 — CVSS 5.3 (medium): stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from…
CVE-2023-45667 — CVSS 5.3 (medium): stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it…
CVE-2025-3406 — CVSS 4.3 (medium): A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function…