Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2018-16981 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2018-16981

HIGH8.8

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

Published Sep 12, 2018

Modified 6 months ago

No fix available

Details

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

Affected Packages

Ubuntu:24.04:LTScatimg

Affected versions:

2.7.0-2

Ubuntu:18.04:LTScatimg

Affected versions:

2.4.0-1

Ubuntu:25.04catimg

Affected versions:

2.7.0-2

Ubuntu:22.04:LTScatimg

Affected versions:

2.7.0-1

Ubuntu:20.04:LTScatimg

Affected versions:

2.5.0-1

Ubuntu:Pro:18.04:LTScatimg

Affected versions:

2.4.0-1

Ubuntu:Pro:20.04:LTScatimg

Affected versions:

2.5.0-1

Ubuntu:22.04:LTSccextractor

Affected versions:

0.88+ds1-10.93+ds2-10.93+ds2-1ubuntu10.93+ds2-2

Ubuntu:Pro:20.04:LTSccextractor

Affected versions:

0.87+ds1-1

Ubuntu:24.04:LTSccextractor

Affected versions:

0.94+ds1-30.94+ds1-3build20.94+ds1-3build3

Ubuntu:22.04:LTSgoxel

Affected versions:

0.10.6-30.10.8-1

Ubuntu:Pro:18.04:LTSgoxel

Affected versions:

0.7.1-20.7.2-1

Ubuntu:24.04:LTSgoxel

Affected versions:

0.11.0-1.10.11.0-1.1build20.11.0-1.1build3

Ubuntu:Pro:20.04:LTSgoxel

Affected versions:

0.8.1-10.8.1-1build1

Ubuntu:25.04goxel

Affected versions:

0.11.0-1.1build3

Ubuntu:22.04:LTSlibsfml

Affected versions:

2.5.1+dfsg-1build12.5.1+dfsg-2

Ubuntu:16.04:LTSlibsfml

Affected versions:

2.3.2+dfsg-1

Ubuntu:Pro:16.04:LTSlibsfml

Affected versions:

2.3.2+dfsg-1

Ubuntu:Pro:20.04:LTSlibsfml

Affected versions:

2.5.1+dfsg-12.5.1+dfsg-1build1

Ubuntu:Pro:18.04:LTSlibsfml

Affected versions:

2.4.2+dfsg-4

Ubuntu:25.04libsfml

Affected versions:

2.6.1+dfsg-32.6.2+dfsg-12.6.2+dfsg-22.6.2+dfsg-2build1

Ubuntu:24.04:LTSlibsfml

Affected versions:

2.5.1+dfsg-2build12.6.1+dfsg-22.6.1+dfsg-2build12.6.1+dfsg-2build2

Ubuntu:22.04:LTSlibsixel

Affected versions:

1.10.3-21.10.3-31.8.6-2

Ubuntu:25.04libsixel

Affected versions:

1.10.3-3build11.10.5-1

Ubuntu:Pro:18.04:LTSlibsixel

Affected versions:

1.5.2-21.7.3-1

Ubuntu:24.04:LTSlibsixel

Affected versions:

1.10.3-31.10.3-3build1

Ubuntu:Pro:16.04:LTSlibsixel

Affected versions:

1.4.2-11.5.2-2

Ubuntu:Pro:20.04:LTSlibsixel

Affected versions:

1.8.2-11.8.2-2.1

Ubuntu:22.04:LTSlove

Affected versions:

11.3-1

Ubuntu:25.04love

Affected versions:

11.5-2

Ubuntu:24.04:LTSlove

Affected versions:

11.4-111.5-111.5-1build1

Ubuntu:Pro:18.04:LTSlove

Affected versions:

0.9.1-4ubuntu1

Ubuntu:Pro:20.04:LTSlove

Affected versions:

11.1-211.3-1

Ubuntu:Pro:16.04:LTSlove

Affected versions:

0.9.1-3ubuntu1

Ubuntu:Pro:20.04:LTSmame

Affected versions:

0.206+dfsg.1-10.214+dfsg.1-20.215+dfsg.1-10.217+dfsg.1-10.217+dfsg.1-1build10.218+dfsg.1-10.220+dfsg.1-1

Ubuntu:Pro:16.04:LTSmame

Affected versions:

0.160-0ubuntu1

Ubuntu:22.04:LTSmame

Affected versions:

0.235+dfsg.1-1ubuntu10.237+dfsg.1-10.238+dfsg.1-10.239+dfsg.1-10.240+dfsg.1-10.242+dfsg.1-1

Ubuntu:24.04:LTSmame

Affected versions:

0.257+dfsg.1-10.258+dfsg.1-1build10.261+dfsg.1-10.261+dfsg.1-1build20.261+dfsg.1-1build30.264+dfsg.1-1

Ubuntu:Pro:18.04:LTSmame

Affected versions:

0.188+dfsg.1-0ubuntu20.189+dfsg.1-10.192+dfsg.1-0ubuntu10.195+dfsg.1-2

Ubuntu:25.04mame

Affected versions:

0.269+dfsg.1-10.270+dfsg.1-10.272+dfsg.1-10.273+dfsg.1-10.274+dfsg.1-20.275+dfsg.1-3

Ubuntu:Pro:20.04:LTSrenderdoc

Affected versions:

1.4+dfsg-11.5+dfsg-11.5+dfsg-21.6+dfsg-11.6+dfsg-1build11.6+dfsg-1build2

Ubuntu:22.04:LTSrenderdoc

Affected versions:

1.11+dfsg-51.15+dfsg-11.16+dfsg-11.16+dfsg-1build11.18+dfsg-1

Ubuntu:24.04:LTSretroarch

Affected versions:

1.14.0+dfsg-1build11.15.0+dfsg-11.16.0.3+dfsg-11.18.0+dfsg-1

Ubuntu:Pro:18.04:LTSretroarch

Affected versions:

1.4.1+dfsg1-1

Ubuntu:22.04:LTSretroarch

Affected versions:

1.7.3+dfsg1-1.1build1

Ubuntu:25.04retroarch

Affected versions:

1.19.1+dfsg-1build11.20.0+dfsg-11.20.0+dfsg-21.20.0+dfsg-2build1

Ubuntu:Pro:20.04:LTSretroarch

Affected versions:

1.7.3+dfsg1-1.11.7.3+dfsg1-1build1

Ubuntu:22.04:LTStweeny

Affected versions:

3-2

Ubuntu:25.04tweeny

Affected versions:

3-2

Ubuntu:24.04:LTStweeny

Affected versions:

3-2

Ubuntu:Pro:20.04:LTStweeny

Affected versions:

3-13-2

Ubuntu:25.04zam-plugins

Affected versions:

4.2+ds-1build1

Ubuntu:Pro:20.04:LTSzam-plugins

Affected versions:

3.9~repack3-13.9~repack3-1build1

Ubuntu:Pro:16.04:LTSzam-plugins

Affected versions:

3.5~repack0-7build13.6~repack2-3

Ubuntu:22.04:LTSzam-plugins

Affected versions:

3.14~repack3-1

Ubuntu:Pro:18.04:LTSzam-plugins

Affected versions:

3.8~repack2-13.9~repack3-1

Ubuntu:24.04:LTSzam-plugins

Affected versions:

4.1+ds-24.1+ds-34.2+ds-14.2+ds-1build1

Ubuntu:22.04:LTSzynaddsubfx

Affected versions:

3.0.5-2build1

Ubuntu:24.04:LTSzynaddsubfx

Affected versions:

3.0.6-63.0.6-6build13.0.6-6build23.0.6-6build3

Ubuntu:25.04zynaddsubfx

Affected versions:

3.0.6-6build3

Ubuntu:Pro:16.04:LTSzynaddsubfx

Affected versions:

2.5.1-22.5.2-22.5.2-2ubuntu1

Ubuntu:Pro:18.04:LTSzynaddsubfx

Affected versions:

3.0.2-13.0.3-1

Ubuntu:Pro:20.04:LTSzynaddsubfx

Affected versions:

3.0.5-23.0.5-2build1

References

REPORThttps://github.com/nothings/stb/issues/656 REPORThttps://ubuntu.com/security/CVE-2018-16981 REPORThttps://www.cve.org/CVERecord?id=CVE-2018-16981

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Upstream

CVE-2018-16981

Ecosystems

Ubuntu 24.04 LTS Ubuntu 18.04 LTS Ubuntu 25.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu Pro 18.04 LTS Ubuntu Pro 20.04 LTS Ubuntu 16.04 LTS Ubuntu Pro 16.04 LTS

Timeline

PublishedSep 12, 2018

ModifiedJul 14, 2025