Debian alert DLA-4493-1 (libstb)
From: Abhijith PA <abhijith@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4493-1] libstb security update
Date: Thu, 26 Feb 2026 13:51:48 +0530
Message-ID: <aaACnODfPe6hcR2G@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4493-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
February 26, 2026                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libstb
Version        : 0.0~git20200713.b42009b+ds-1+deb11u1
CVE ID         : CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041
                 CVE-2022-28042

Several vulnerabilities were discovered in libstb, single-file image and
audio processing libraries for C/C++.

CVE-2021-28021

    Buffer overflow vulnerability in function stbi__extend_receive in
    stb_image.h. Can be exploited with a crafted JPEG file.

CVE-2021-37789

    a heap-based buffer over in stbi__jpeg_load, leading to Information
    Disclosure or Denial of Service.

CVE-2021-42715

    The HDR loader parsed truncated end-of-file RLE scanlines as an
    infinite sequence of zero-length runs. An attacker could
    potentially have caused denial of service in applications using
    stb_image by submitting crafted HDR files.

CVE-2022-28041

    an integer overflow via the function
    stbi__jpeg_decode_block_prog_dc. This vulnerability allows
    attackers to cause a Denial of Service (DoS) via unspecified
    vectors.

CVE-2022-28042

    a heap-based use-after-free via the function
    stbi__jpeg_huff_decode.

For Debian 11 bullseye, these problems have been fixed in version
0.0~git20200713.b42009b+ds-1+deb11u1.

We recommend that you upgrade your libstb packages.

For the detailed security status of libstb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libstb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
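An added example, not part of the advisory: a check of collected package inventories against the fixed version above, using a small reimplementation of dpkg's version ordering so it runs on hosts without dpkg (on a Debian system, `dpkg --compare-versions` gives the same answer). The inventory is constructed, and the host names, the binary package names `libstb0` and `libstb-dev`, and every version other than the fixed one are assumptions.

```python
import re
from itertools import zip_longest

FIXED = "0.0~git20200713.b42009b+ds-1+deb11u1"  # bullseye fix, from the advisory
RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # one text run followed by one number run

def _order(c):
    # dpkg weights: '~' sorts before everything, letters before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    for (ta, na), (tb, nb) in zip_longest(RUNS.findall(a), RUNS.findall(b),
                                          fillvalue=("", "")):
        for k in range(max(len(ta), len(tb))):
            x = _order(ta[k]) if k < len(ta) else 0  # end of run weighs 0
            y = _order(tb[k]) if k < len(tb) else 0
            if x != y:
                return -1 if x < y else 1
        x, y = int(na or 0), int(nb or 0)  # number runs compare numerically
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, colon, rest = v.partition(":")
    if not colon:
        epoch, rest = "0", v
    upstream, dash, revision = rest.rpartition("-")
    return int(epoch), (upstream if dash else rest), (revision if dash else "")

def dpkg_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(inventory):
    # Rows of "host package version" whose version sorts before FIXED.
    rows = (line.split() for line in inventory.strip().splitlines())
    return [tuple(r) for r in rows if dpkg_cmp(r[2], FIXED) < 0]

# Constructed inventory: hosts, package names and versions are made up.
SAMPLE = """
web01   libstb0    0.0~git20200713.b42009b+ds-1
web02   libstb0    0.0~git20200713.b42009b+ds-1+deb11u1
build01 libstb-dev 0.0~git20200713.b42009b+ds-1+deb11u1~bpo1
dev01   libstb0    0.0~git20230129.5736b15+ds-1
"""
```

`needs_update(SAMPLE)` flags web01 and build01; the `~bpo1` row shows why plain string comparison is not enough, since a tilde suffix sorts before the fixed version even though the string is longer.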
