Description
A vulnerability was found in Nothings stb up to 1.26. It affects the function stbtt__buf_get8 in the library stb_truetype.h, part of the TTF File Handler component. Manipulated input can lead to an out-of-bounds read. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw was found in Nothings stb. A remote attacker could exploit a vulnerability in the stbtt__buf_get8 function of the stb_truetype.h library by manipulating input. This could lead to an out-of-bounds read, potentially causing a denial of service (DoS) for affected systems.
Report
This Moderate impact vulnerability in Nothings stb, specifically within the stb_truetype.h library's TTF file handling, could allow a remote attacker to trigger an out-of-bounds read. By manipulating input, an attacker could cause a denial of service on systems processing malicious TrueType Font files. This affects Red Hat Community Projects, including packages distributed via EPEL.
Mitigation
To mitigate this issue, avoid processing untrusted TrueType font files with applications that utilize the Nothings stb library. Restrict the sources of font files to trusted origins to prevent potential denial of service attacks.
Additional information
Status:
EPSS:
CVSS3: 6.5 Medium