Improper Input Validation Affecting directxtex_uwp package, versions [0,2023.1.31.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Input Validation vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DOTNET-DIRECTXTEXUWP-3250293
  • published27 Jan 2023
  • disclosed26 Jan 2023
  • creditUnknown

Introduced: 26 Jan 2023

CVE NOT AVAILABLE CWE-20  (opens in a new tab)

How to fix?

Upgrade directxtex_uwp to version 2023.1.31.1 or higher.

Overview

directxtex_uwp is a DirectXTex texture processing library

Affected versions of this package are vulnerable to Improper Input Validation in the ConvertToSinglePlane function in DirectXTexConvert.cpp, when processing an invalid height value from the DDS loader for planar video textures such as NV12. All functions in the library other than ConvertToSinglePlane fail immediately if given images in planar formats.

CVSS Scores

version 3.1