Stb image.h

This hub aggregates every CVE we track for Stb image.h. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Stb image.h.

• CVE-2025-3409Nothings stb stb_include_string stack-based overflow6.3Apr 8, 2025
• CVE-2025-3408Nothings stb stb_dupreplace integer overflow6.3Apr 8, 2025
• CVE-2025-3407Nothings stb stbhw_build_tileset_from_image out-of-bounds6.3Apr 8, 2025
• CVE-2025-3406Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds4.3Apr 8, 2025
• CVE-2023-43281Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.6.5Oct 24, 2023
• CVE-2023-45667Null pointer dereference because of an uninitialized variable in stb_image5.3Oct 20, 2023
• CVE-2023-45666Possible double-free or memory leak in stbi__load_gif_main in stb_image7.3Oct 20, 2023
• CVE-2023-45664Double-free in stbi__load_gif_main_outofmem in stb_image7.3Oct 20, 2023
• CVE-2023-45663Disclosure of uninitialized memory in stbi__tga_load in stb_image5.3Oct 20, 2023
• CVE-2023-45662Multi-byte read heap buffer overflow in stbi__vertical_flip in stb_image6.5Oct 20, 2023
• CVE-2023-45661Wild address read in stbi__gif_load_next in stb_image6.5Oct 20, 2023
• CVE-2023-43898Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pi...5.5Oct 3, 2023
• CVE-2022-28041stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecif...6.5Apr 15, 2022
• CVE-2022-28042stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.8.8Apr 15, 2022
• CVE-2021-42716An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the...7.1Oct 21, 2021