Security update for stb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0018-1 Final 1 1 2022-01-21T11:04:52Z current 2022-01-21T11:04:52Z 2022-01-21T11:04:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for stb This update for stb fixes the following issues: - CVE-2021-42716: fixed buffer overflow in stb_image PNM loader (boo#1191743) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-18 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G7QRUVRJT5W72APQEDYOZEMCHXZ5CMDO/ E-Mail link for openSUSE-SU-2022:0018-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1191743 SUSE Bug 1191743 https://www.suse.com/security/cve/CVE-2021-42716/ SUSE CVE CVE-2021-42716 page SUSE Package Hub 15 SP3 openSUSE Leap 15.3 stb-devel-2.32.1549563867.59e9702-bp153.2.3.1 stb-devel-2.32.1549563867.59e9702-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 stb-devel-2.32.1549563867.59e9702-bp153.2.3.1 as a component of openSUSE Leap 15.3 An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. CVE-2021-42716 SUSE Package Hub 15 SP3:stb-devel-2.32.1549563867.59e9702-bp153.2.3.1 openSUSE Leap 15.3:stb-devel-2.32.1549563867.59e9702-bp153.2.3.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G7QRUVRJT5W72APQEDYOZEMCHXZ5CMDO/ https://www.suse.com/security/cve/CVE-2021-42716.html CVE-2021-42716 https://bugzilla.suse.com/1191944 SUSE Bug 1191944