Nothings stb TTF File stb_truetype.h stbtt_InitFont_internal out-of-bounds

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

跨界内存读

stb 缓冲区错误漏洞

stb是Sean Barrett个人开发者的一个用于C/C++的stb单文件公共域库。 stb 1.26及之前版本存在缓冲区错误漏洞，该漏洞源于TTF File Handler组件中stb_truetype.h库的stbtt_InitFont_internal函数存在越界读取，可能导致远程攻击。

N/A

N/A