[Git][security-tracker-team/security-tracker][master] extend comment for libstb

Thu, 17 Mar 2022 06:01:28 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4b3d60ac by Moritz Muehlenhoff at 2022-03-17T14:00:20+01:00
extend comment for libstb

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4507,17 +4507,20 @@ CVE-2022-25517
 CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1287
-       NOTE: The stb_truetype API does not know the length of the input font 
file and therefore
+       NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
+       NOTE: Also, the stb_truetype API does not know the length of the input 
font file and therefore
        NOTE: cannot bounds check it.
 CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1288
-       NOTE: The stb_truetype API does not know the length of the input font 
file and therefore
+       NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
+       NOTE: Also, the stb_truetype API does not know the length of the input 
font file and therefore
        NOTE: cannot bounds check it.
 CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1286
-       NOTE: The stb_truetype API does not know the length of the input font 
file and therefore
+       NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
+       NOTE: Also, the stb_truetype API does not know the length of the input 
font file and therefore
        NOTE: cannot bounds check it.
 CVE-2022-25513
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b3d60acd48ff8ee6cfe6a011796e75b0ab61f9f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b3d60acd48ff8ee6cfe6a011796e75b0ab61f9f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to