Nothings stb_image Heap-Based Buffer Overflow Vulnerability in Multi-Frame GIF Handler

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Nothings stb_image versions through 2.30. The issue is in the function 'stbi__gif_load_next' in 'stb_image.h', part of the multi-frame GIF file handler. It is triggered by a crafted multi-frame GIF file that causes an incorrectly calculated pointer to be dereferenced, producing an out-of-bounds memory read. The result is a heap-buffer-overflow condition; potential impacts include information disclosure (leaking the contents of heap memory) and denial of service through a crash.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, causing an out-of-bounds memory read. This type of memory corruption can often be exploited to execute arbitrary code or cause a program to crash.

Reproduction

The vulnerability can be reproduced by compiling a C program that decodes a GIF with stb_image, with AddressSanitizer enabled, and running it on a crafted GIF file that triggers the vulnerability. AddressSanitizer reports the heap-buffer-overflow error, confirming that the vulnerable code path has been reached.
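The advisory does not show the faulty pointer calculation itself, so the following is an added illustration (not stb_image's code) of the check a multi-frame decoder should make before reading a sub-frame region out of a canvas buffer: validate the frame rectangle against the canvas dimensions, with overflow-safe arithmetic, before computing any pointer into the buffer. The canvas and frame structures, the function names and the 4x4 sample canvas are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified RGBA canvas model (constructed for this example; not stb_image's structures). */
typedef struct {
    uint8_t *pixels;  /* w * h * 4 bytes, row-major */
    int w, h;
} canvas_t;

/* Sub-frame placement as it would be parsed from a GIF image descriptor. */
typedef struct {
    int x, y, w, h;
} frame_rect_t;

/* Return 1 if the rectangle lies entirely inside the canvas.
 * Every field is validated before any arithmetic, and the sums are done in
 * 64-bit so that attacker-controlled sizes cannot wrap an int. */
int frame_in_bounds(const canvas_t *c, const frame_rect_t *f) {
    if (c == NULL || f == NULL || c->pixels == NULL) return 0;
    if (c->w <= 0 || c->h <= 0) return 0;
    if (f->x < 0 || f->y < 0 || f->w <= 0 || f->h <= 0) return 0;
    if ((int64_t)f->x + (int64_t)f->w > (int64_t)c->w) return 0;
    if ((int64_t)f->y + (int64_t)f->h > (int64_t)c->h) return 0;
    return 1;
}

/* Copy one row of the sub-frame out of the canvas into dst.
 * Returns the number of bytes copied, or -1 if the read would leave the
 * canvas or the destination is too small. The pointer into the canvas is
 * only computed after the bounds check succeeds. */
long copy_frame_row(const canvas_t *c, const frame_rect_t *f, int row,
                    uint8_t *dst, size_t dst_len) {
    if (!frame_in_bounds(c, f)) return -1;
    if (row < 0 || row >= f->h) return -1;
    size_t need = (size_t)f->w * 4u;
    if (dst_len < need) return -1;
    size_t off = ((size_t)(f->y + row) * (size_t)c->w + (size_t)f->x) * 4u;
    memcpy(dst, c->pixels + off, need);
    return (long)need;
}

/* Self-check on a constructed 4x4 canvas whose byte i holds the value i.
 * Returns 1 when an in-bounds frame copies correctly and a frame that
 * extends past the canvas edge is rejected instead of being read. */
int demo(void) {
    uint8_t px[4 * 4 * 4];
    for (int i = 0; i < (int)sizeof px; i++) px[i] = (uint8_t)i;
    canvas_t c = { px, 4, 4 };
    frame_rect_t ok  = { 1, 1, 2, 2 };
    frame_rect_t bad = { 3, 3, 2, 2 };   /* 3 + 2 > 4: would read past the canvas */
    uint8_t row[8];
    long n_ok  = copy_frame_row(&c, &ok, 0, row, sizeof row);
    long n_bad = copy_frame_row(&c, &bad, 0, row, sizeof row);
    /* first byte of the ok frame's row 0 is canvas offset ((1*4)+1)*4 = 20 */
    return n_ok == 8 && n_bad == -1 && row[0] == 20;
}

int main(void) {
    printf("bounds check demo: %s\n", demo() ? "ok" : "FAILED");
    return demo() ? 0 : 1;
}
```

Building a harness like this with -fsanitize=address is the same setup the reproduction section describes: if a decoder skips the check and computes the pointer first, AddressSanitizer flags the read at the canvas boundary as a heap-buffer-overflow.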

Added: Mar 31, 2026, 7:23 AM
Updated: Mar 31, 2026, 7:23 AM

Vulnerability Rating

Custom Algorithm

spread          7.8
impact          3.1
exploitability  5.8
remediation     0.0
relevance       5.0
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.