CVE-2020-6618

Опубликовано: 08 янв. 2020

Источник: debian

Описание

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.

libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
https://github.com/nothings/stb/issues/866

CVE-2020-6618

CVSS3: 8.8

ubuntu

около 6 лет назад

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.

CVE-2020-6618

CVSS3: 8.8

nvd

около 6 лет назад

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.

GHSA-76cg-r53q-v3qw

github

больше 3 лет назад

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.