Description
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
Notes
libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
https://github.com/nothings/stb/issues/868
EPSS
Percentile: 63%
0.00452
Low
Related vulnerabilities
CVSS3: 8.8
ubuntu
about 6 years ago
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
CVSS3: 8.8
nvd
about 6 years ago
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
github
more than 3 years ago
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.