Debian dla-4493 : libstb-dev - security update

high Nessus Plugin ID 300133

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4493 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4493-1 [email protected] https://www.debian.org/lts/security/
Abhijith PA February 26, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : libstb
Version : 0.0~git20200713.b42009b+ds-1+deb11u1
CVE ID : CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 CVE-2022-28042

Several vulnerabilities were discovered in libstb, single-file image and audio processing libraries for C/C++.

CVE-2021-28021

A buffer overflow vulnerability in the function stbi__extend_receive in stb_image.h. It can be triggered with a crafted JPEG file.

CVE-2021-37789

A heap-based buffer overflow in stbi__jpeg_load, leading to information disclosure or denial of service.

CVE-2021-42715

The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

CVE-2022-28041

An integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a denial of service (DoS) via unspecified vectors.

CVE-2022-28042

A heap-based use-after-free via the function stbi__jpeg_huff_decode.

For Debian 11 bullseye, these problems have been fixed in version 0.0~git20200713.b42009b+ds-1+deb11u1.

We recommend that you upgrade your libstb packages.

For the detailed security status of libstb please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libstb

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the libstb-dev packages.

See Also

https://security-tracker.debian.org/tracker/source-package/libstb

https://security-tracker.debian.org/tracker/CVE-2021-28021

https://security-tracker.debian.org/tracker/CVE-2021-37789

https://security-tracker.debian.org/tracker/CVE-2021-42715

https://security-tracker.debian.org/tracker/CVE-2022-28041

https://security-tracker.debian.org/tracker/CVE-2022-28042

https://packages.debian.org/source/bullseye/libstb

Plugin Details

Severity: High

ID: 300133

File Name: debian_DLA-4493.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/1/2026

Updated: 3/1/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-28042

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libstb-dev, p-cpe:/a:debian:debian_linux:libstb0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/26/2026

Vulnerability Publication Date: 10/15/2021

Reference Information

CVE: CVE-2021-28021, CVE-2021-37789, CVE-2021-42715, CVE-2022-28041, CVE-2022-28042