PT-2022-17345 · Unknown · Stb Truetype.H
Vincebyeo · Published 2022-03-17 · Updated 2024-08-03 · CVE-2022-25516
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
stb_truetype.h version 1.26
Description
A heap-buffer-overflow issue was discovered in the stbtt__find_table function in stb_truetype.h. It is noted that the source code includes a disclaimer stating it should only be used with trusted input. A third party has disputed this, indicating potential concerns about the input validation.
Recommendations
For stb_truetype.h version 1.26, consider restricting the use of the stbtt__find_table function until a patch or fix is available, and ensure that only trusted input is used with this version.
Exploit
Fix
Memory Corruption
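An added example, not part of this advisory or of stb's own code: one way to act on the trusted-input recommendation is to bounds-check the sfnt table directory of a font buffer before it reaches stb_truetype, whose stbtt_InitFont() takes no buffer length. The function name and the two sample buffers are assumptions made for illustration; the header and record layout follow the OpenType specification, and the check does not validate the contents of individual tables.

```c
#include <stddef.h>
#include <stdint.h>

/* Big-endian readers; the caller must already have bounds-checked p. */
static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical pre-check: returns 1 if the table directory at fontstart, and
 * every table it references, lies inside data[0..len); 0 otherwise. */
int sfnt_directory_in_bounds(const unsigned char *data, size_t len, size_t fontstart)
{
    size_t i, num_tables, dir;

    if (data == NULL || fontstart > len || len - fontstart < 12)
        return 0;                      /* no room for the 12-byte header */
    num_tables = be16(data + fontstart + 4);
    dir = fontstart + 12;
    if ((len - dir) / 16 < num_tables)
        return 0;                      /* directory runs past the buffer */
    for (i = 0; i < num_tables; ++i) {
        const unsigned char *rec = data + dir + 16 * i;
        uint32_t off = be32(rec + 8);   /* table offset from start of file */
        uint32_t tlen = be32(rec + 12); /* table length in bytes */
        if (off > len || tlen > len - off)
            return 0;                  /* table body outside the buffer */
    }
    return 1;
}

/* Constructed sample: header, one record for a 4-byte "head" table at offset 28. */
static const unsigned char sample_ok[32] = {
    0x00,0x01,0x00,0x00, 0x00,0x01, 0,0, 0,0, 0,0, /* version, numTables=1 */
    'h','e','a','d', 0,0,0,0, 0,0,0,28, 0,0,0,4,   /* tag, checksum, offset, length */
    0,0,0,0                                        /* table body */
};
/* Constructed sample: header claiming 0xFFFF tables with no directory behind it. */
static const unsigned char sample_bad[12] = { 0x00,0x01,0x00,0x00, 0xFF,0xFF, 0,0, 0,0, 0,0 };

int main(void)
{
    /* Only a buffer that passes the check should be handed to stbtt_InitFont(). */
    return !(sfnt_directory_in_bounds(sample_ok, sizeof sample_ok, 0) == 1 &&
             sfnt_directory_in_bounds(sample_bad, sizeof sample_bad, 0) == 0);
}
```

Rejecting a buffer here reduces exposure to malformed table directories; it is not a substitute for a patched parser.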
Weakness Enumeration
Related Identifiers
Affected Products
Stb Truetype.H