PT-2022-17343 · Unknown · Stb Truetype.H
Vincebyeo · Published 2022-03-17 · Updated 2024-10-30
CVE-2022-25514
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
stb_truetype.h version 1.26
Description
A heap-buffer-overflow issue was discovered in the ttUSHORT() function in stb_truetype.h. The source code includes a disclaimer stating that it should only be used with trusted input. A third party has disputed this, highlighting the disclaimer.
Recommendations
For stb_truetype.h version 1.26, consider restricting the use of the ttUSHORT() function until a fix is available, and ensure that only trusted input is used with this version.
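As an added example (not code from stb_truetype.h or from this advisory), a caller can reject fonts whose SFNT table directory points outside the buffer, using bounds-checked big-endian reads, before handing the data to the parser. The function name `sfnt_directory_in_bounds` and the sample bytes are assumptions constructed for illustration; the check covers only the table directory and does not make the library safe for untrusted fonts.

```c
#include <stddef.h>
#include <stdint.h>

/* Bounds-checked big-endian reads: return 0 instead of reading past len. */
static int rd_u16(const uint8_t *b, size_t len, size_t off, uint16_t *out) {
    if (len < 2 || off > len - 2) return 0;
    *out = (uint16_t)((b[off] << 8) | b[off + 1]);
    return 1;
}

static int rd_u32(const uint8_t *b, size_t len, size_t off, uint32_t *out) {
    if (len < 4 || off > len - 4) return 0;
    *out = ((uint32_t)b[off] << 24) | ((uint32_t)b[off + 1] << 16) |
           ((uint32_t)b[off + 2] << 8) | (uint32_t)b[off + 3];
    return 1;
}

/* Hypothetical pre-check: returns 1 only if numTables and every 16-byte
 * table record (tag, checksum, offset, length) can be read and each
 * table's [offset, offset + length) range lies inside the buffer. */
int sfnt_directory_in_bounds(const uint8_t *b, size_t len) {
    uint16_t num_tables;
    if (!rd_u16(b, len, 4, &num_tables)) return 0;   /* numTables at offset 4 */
    for (size_t i = 0; i < num_tables; i++) {
        size_t rec = 12 + 16 * i;                    /* records start at 12 */
        uint32_t off, tlen;
        if (!rd_u32(b, len, rec + 8, &off)) return 0;
        if (!rd_u32(b, len, rec + 12, &tlen)) return 0;
        if (off > len || tlen > len - off) return 0; /* overflow-safe check */
    }
    return 1;
}

/* Constructed samples: a 28-byte header with one 'head' record at offset 28.
 * SAMPLE_OK declares length 0; SAMPLE_BAD declares length 64, past the end. */
const uint8_t SAMPLE_OK[28] = {0,1,0,0, 0,1, 0,0,0,0,0,0,
    'h','e','a','d', 0,0,0,0, 0,0,0,28, 0,0,0,0};
const uint8_t SAMPLE_BAD[28] = {0,1,0,0, 0,1, 0,0,0,0,0,0,
    'h','e','a','d', 0,0,0,0, 0,0,0,28, 0,0,0,64};

int main(void) {
    int ok = sfnt_directory_in_bounds(SAMPLE_OK, sizeof SAMPLE_OK);
    int bad = sfnt_directory_in_bounds(SAMPLE_BAD, sizeof SAMPLE_BAD);
    return !(ok == 1 && bad == 0);                   /* exit 0 on expected results */
}
```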
Memory Corruption
Buffer Overflow
Affected Products
Stb Truetype.H