exploitDog

CVE-2020-6622

Опубликовано: 08 янв. 2020

Источник: debian

EPSS Низкий

Описание

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

Примечания

libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
https://github.com/nothings/stb/issues/869

EPSS

Процентиль: 53%

0.00296

Низкий

Связанные уязвимости

CVE-2020-6622

CVSS3: 8.8

ubuntu

около 6 лет назад

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

CVE-2020-6622

CVSS3: 8.8

nvd

около 6 лет назад

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

GHSA-hw3p-v9jj-rf7j

github

больше 3 лет назад

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

EPSS

Процентиль: 53%

0.00296

Низкий