CVE-2023-43281

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 25, 2023
Updated: Nov 7, 2023
CWE ID 415

Summary

CVE-2023-43281 is a newly disclosed vulnerability affecting Nothings Stb Image library version 2.28. This issue represents a Double Free vulnerability, which can be exploited by a remote attacker. By supplying a specially crafted file, the attacker can trigger the stbi_load_gif_main function to free the same memory twice, resulting in a denial of service. This vulnerability can potentially allow an attacker to disrupt the normal operation of applications using the affected library.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share