cve/2023/CVE-2023-45662.md

### [CVE-2023-45662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45662)
![](https://img.shields.io/static/v1?label=Product&message=stb&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.28%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen)

### Description

stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. 

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds