Loop with Unreachable Exit Condition ('Infinite Loop') Affecting clutter package, versions *
Threat Intelligence
EPSS
0.14% (51st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL6-CLUTTER-1768352
- published 28 Oct 2021
- disclosed 7 Oct 2021
Introduced: 7 Oct 2021
CVE-2021-42715 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:6 clutter.
NVD Description
Note: Versions mentioned in the description apply only to the upstream clutter package and not the clutter package as distributed by RHEL.
See How to fix? for RHEL:6 relevant fixed versions and status.
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
References
- https://access.redhat.com/security/cve/CVE-2021-42715
- https://github.com/nothings/stb/issues/1224
- https://github.com/nothings/stb/pull/1223
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
- https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXX76TJMZBPN3NU542MGN6B7C7QHRFGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/
CVSS Scores
version 3.1