CVE-2020-6617

Опубликовано: 08 янв. 2020

Источник: debian

Описание

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.

libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
https://github.com/nothings/stb/issues/867

CVE-2020-6617

CVSS3: 8.8

ubuntu

около 6 лет назад

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.

CVE-2020-6617

CVSS3: 8.8

nvd

около 6 лет назад

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.

GHSA-68cv-h8f5-g7hw

github

больше 3 лет назад

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.