CVE-2023-45666

Name	CVE-2023-45666
Description	stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `delays` upon failure. Although it sets `delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1054911

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libstb (PTS)	buster	0.0~git20180212.15.e6afb9c-1	vulnerable
	buster (security)	0.0~git20180212.15.e6afb9c-1+deb10u1	vulnerable
	bullseye	0.0~git20200713.b42009b+ds-1	vulnerable
	bookworm	0.0~git20220908.8b5f1f3+ds-1	vulnerable
	sid, trixie	0.0~git20230129.5736b15+ds-1.2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libstb	source	(unstable)	(unfixed)			1054911

Notes

[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 6)
https://github.com/nothings/stb/issues/1548
https://github.com/nothings/stb/pull/1549