CVE-2022-25515
MEDIUMstb_truetype.h 1.26 - Heap-Based Buffer Overflow in ttULONG Function
Title source: llmDescription
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/nothings/stb/issues/1286
Exploit, Issue Tracking, Third Party Advisory
https://github.com/nothings/stb/issues/1288
Scores
CVSS v3
6.5
EPSS
0.0092
EPSS Percentile
56.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
nothings/stb_truetype.h
1.26
Published
Mar 17, 2022
Tracked Since
Feb 18, 2026