
Debian 11 libstb Critical DoS and Buffer Overflow Advisory DLA-4493-1

Debian LTS
February 26, 2026
Vulnerabilities in libstb, rated important, affect Debian 11 LTS; a fixed package is available.
Several vulnerabilities were discovered in libstb, a collection of single-file image and audio processing libraries for C/C++.

Summary

CVE-2021-28021

Buffer overflow vulnerability in function stbi__extend_receive in
stb_image.h. Can be exploited with a crafted JPEG file.

CVE-2021-37789

A heap-based buffer over-read in stbi__jpeg_load, leading to
information disclosure or denial of service.

CVE-2021-42715

The HDR loader parsed truncated end-of-file RLE scanlines as an
infinite sequence of zero-length runs. An attacker could
potentially have caused denial of service in applications using
stb_image by submitting crafted HDR files.
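The failure mode described for CVE-2021-42715, as an added illustration that is not stb_image's own code: a Radiance-style RLE channel decoder written in the unpatched shape, where a byte reader that returns 0 at end of file (as stb_image's stbi__get8 does) turns a truncated scanline into an endless series of zero-length runs that never advance the output index, next to a hardened version that rejects a zero count. The reader, both decoders, the constant names and the sample byte strings are constructed for this example; the max_steps watchdog exists only so the unpatched loop terminates in the demo and is not part of either pattern.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal reader over an in-memory buffer. Like stb_image's stbi__get8(),
 * a read past the end of the data yields 0 rather than an error. */
typedef struct { const uint8_t *p; size_t len, pos; } reader;

static int get8(reader *r) {
    if (r->pos < r->len) return r->p[r->pos++];
    return 0; /* EOF reads as 0, as in stb_image */
}

/* Return codes (names are this example's, not stb_image's). */
#define RLE_OK       0
#define RLE_CORRUPT (-1)
#define RLE_STALLED (-2) /* demo watchdog only: the unpatched loop would spin forever */

/* Decode one channel of a Radiance new-style RLE scanline into out[0..width).
 * count > 128: a run of (count-128) copies of the next byte;
 * count <= 128: a literal dump of count bytes.
 *
 * Unpatched shape: a zero-length run or dump never advances i. At EOF every
 * count byte reads as 0, so a truncated scanline loops forever. max_steps is
 * a watchdog added purely so this demonstration terminates. */
static int decode_channel_unpatched(reader *r, uint8_t *out, int width, unsigned max_steps) {
    int i = 0;
    while (i < width) {
        if (max_steps-- == 0) return RLE_STALLED;
        int count = get8(r);
        if (count > 128) {
            int value = get8(r);
            count -= 128;
            if (i + count > width) return RLE_CORRUPT;
            while (count-- > 0) out[i++] = (uint8_t)value;
        } else {
            if (i + count > width) return RLE_CORRUPT;
            while (count-- > 0) out[i++] = (uint8_t)get8(r);
        }
    }
    return RLE_OK;
}

/* Hardened shape: a count of 0 is rejected, so every iteration either
 * advances i or fails, and a truncated file is reported as corrupt. */
static int decode_channel_patched(reader *r, uint8_t *out, int width) {
    int i = 0;
    while (i < width) {
        int count = get8(r);
        if (count > 128) {
            int value = get8(r);
            count -= 128;
            if (count == 0 || i + count > width) return RLE_CORRUPT;
            while (count-- > 0) out[i++] = (uint8_t)value;
        } else {
            if (count == 0 || i + count > width) return RLE_CORRUPT;
            while (count-- > 0) out[i++] = (uint8_t)get8(r);
        }
    }
    return RLE_OK;
}

/* Constructed samples for an 8-pixel channel. */
static const uint8_t GOOD[]  = { 0x83, 0xAA,            /* run: 3 x 0xAA   */
                                 0x05, 1, 2, 3, 4, 5 }; /* dump: 5 literals */
static const uint8_t TRUNC[] = { 0x83, 0xAA };          /* 3 of 8 pixels, then EOF */

/* Decode buf into out with either decoder; returns an RLE_* code. */
static int decode_buf(const uint8_t *buf, size_t len, int patched, uint8_t *out, int width) {
    reader r = { buf, len, 0 };
    return patched ? decode_channel_patched(&r, out, width)
                   : decode_channel_unpatched(&r, out, width, 1000);
}

int main(void) {
    uint8_t out[8];
    printf("good/patched:    %d (RLE_OK)\n",      decode_buf(GOOD,  sizeof GOOD,  1, out, 8));
    printf("good/unpatched:  %d (RLE_OK)\n",      decode_buf(GOOD,  sizeof GOOD,  0, out, 8));
    printf("trunc/unpatched: %d (RLE_STALLED)\n", decode_buf(TRUNC, sizeof TRUNC, 0, out, 8));
    printf("trunc/patched:   %d (RLE_CORRUPT)\n", decode_buf(TRUNC, sizeof TRUNC, 1, out, 8));
    return 0;
}
```

The only difference between the two decoders is the `count == 0` check; without it the well-formed input decodes identically, which is why the defect went unnoticed until a truncated file was fed to the loader. A real HDR scanline carries four such channels (RGBE), so a loader applies this loop four times per row.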

CVE-2022-28041

An integer overflow via the function
stbi__jpeg_decode_block_prog_dc. This vulnerability allows
attackers to cause a denial of service (DoS) via unspecified
vectors.

CVE-2022-28042

A heap-based use-after-free via the function
stbi__jpeg_huff_decode.

For Debian 11 bullseye, these problems have been fixed in version
0.0~git20200713.b42009b+ds-1+deb11u1.

We recommend that you upgrade your libstb packages.



Severity: important

Package: libstb
Version: 0.0~git20200713.b42009b+ds-1+deb11u1
CVE ID: CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 CVE-2022-28042
