author | Moritz Muehlenhoff <jmm@debian.org> | 2022-03-17 14:00:20 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-03-17 14:00:20 +0100 |
commit | 4b3d60acd48ff8ee6cfe6a011796e75b0ab61f9f (patch) | |
tree | 5153a10a85c7b5cccd14c15779f57ae3b848379b /data | |
parent | 85c813fd064fd31b6d22691e3f2d0e6cf4428aee (diff) |
extend comment for libstb
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list index 527c74ebb1..21981bd615 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -4507,17 +4507,20 @@ CVE-2022-25517 CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - libstb <unfixed> (unimportant) NOTE: https://github.com/nothings/stb/issues/1287 - NOTE: The stb_truetype API does not know the length of the input font file and therefore + NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files + NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore NOTE: cannot bounds check it. CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - libstb <unfixed> (unimportant) NOTE: https://github.com/nothings/stb/issues/1288 - NOTE: The stb_truetype API does not know the length of the input font file and therefore + NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files + NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore NOTE: cannot bounds check it. CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) - libstb <unfixed> (unimportant) NOTE: https://github.com/nothings/stb/issues/1286 - NOTE: The stb_truetype API does not know the length of the input font file and therefore + NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files + NOTE: Also, the stb_truetype API does not know the length of the input font file and therefore NOTE: cannot bounds check it. CVE-2022-25513 RESERVED |
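Review bot: The added NOTE "stb_truetype.h explicitly marked as unsuitable for untrusted files" in the CVE-2022-25516, CVE-2022-25515 and CVE-2022-25514 entries gives no reference for that statement, while the NOTE above it in each entry links the upstream issue. Consider adding a pointer to where the header or upstream says this, so the basis for the "(unimportant)" tag can be checked from the entry itself. The sentence is also missing its verb ("is explicitly marked"). The same three-line rationale is now repeated verbatim in all three entries, so any later rewording has to be applied in three places.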