Unknown · stb_truetype.h · CVE-2022-25515
**Name of the Vulnerable Software and Affected Versions**
stb_truetype.h version 1.26
**Description**
A heap-buffer-overflow issue was discovered in stb_truetype.h via the function `ttULONG()`. The source code includes a disclaimer stating that it should only be used with trusted input, and a third party has disputed the report on the basis of that disclaimer.
**Recommendations**
For stb_truetype.h version 1.26, consider restricting the use of the `ttULONG()` function until a fix is available, and ensure that only trusted input is used with this version. No information is currently available about a newer version that contains a fix for this issue.
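One way to enforce the trusted-input recommendation is to reject malformed font buffers before the library sees them. The following is an added example, not code from stb_truetype.h or from this advisory: it pairs length-checked big-endian reads (the kind of read `ttULONG()` performs on a bare pointer) with a check that every entry in the font's table directory stays inside the buffer. The function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds-checked big-endian reads: 0 on success, -1 if the read would
   leave the buffer. An unchecked 4-byte read has no such guard. */
static int rd_u16(const uint8_t *b, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((b[off] << 8) | b[off + 1]);
    return 0;
}

static int rd_u32(const uint8_t *b, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4) return -1;
    *out = ((uint32_t)b[off] << 24) | ((uint32_t)b[off + 1] << 16) |
           ((uint32_t)b[off + 2] << 8) | (uint32_t)b[off + 3];
    return 0;
}

/* Hypothetical pre-flight check (not part of stb_truetype.h): walk the
   sfnt table directory (12-byte header, then 16-byte records of tag,
   checksum, offset, length) and reject the font if any record or table
   lies outside the buffer. Returns 1 if in bounds, 0 otherwise. */
int font_directory_in_bounds(const uint8_t *b, size_t len) {
    uint16_t num_tables;
    if (rd_u16(b, len, 4, &num_tables) != 0 || num_tables == 0) return 0;
    for (size_t i = 0; i < num_tables; i++) {
        size_t rec = 12 + i * 16;
        uint32_t off, tlen;
        if (rd_u32(b, len, rec + 8, &off) != 0) return 0;
        if (rd_u32(b, len, rec + 12, &tlen) != 0) return 0;
        if (off > len || tlen > len - off) return 0;  /* no overflow */
    }
    return 1;
}

/* Constructed sample: one 'head' table, offset 28, length 4. */
uint8_t SAMPLE_FONT[32] = {
    0x00, 0x01, 0x00, 0x00,  0x00, 0x01, 0x00, 0x10,  0, 0, 0, 0,
    'h', 'e', 'a', 'd',  0, 0, 0, 0,  0, 0, 0, 28,  0, 0, 0, 4,
    0xDE, 0xAD, 0xBE, 0xEF
};

int main(void) {
    printf("full buffer: %d\n", font_directory_in_bounds(SAMPLE_FONT, 32));
    printf("truncated:   %d\n", font_directory_in_bounds(SAMPLE_FONT, 20));
    return 0;
}
```

Passing this check only shows that the table directory is consistent with the buffer length; offsets stored inside individual tables are not validated, so it complements rather than replaces the trusted-input restriction.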