CVE-2022-25515

Name of the Vulnerable Software and Affected Versions stb truetype.h version 1.26

Description A heap-buffer-overflow issue was discovered in stb truetype.h via the function ttULONG(). It is noted that the source code includes a disclaimer stating it should only be used with trusted input. A third party has disputed this, highlighting the disclaimer.

Recommendations For stb truetype.h version 1.26, consider restricting the use of the ttULONG() function until a fix is available, and ensure that only trusted input is used with this version. At the moment, there is no information about a newer version that contains a fix for this issue.