Vulnerabilities (CVE)

Filtered by vendor Nothings Subscribe
Total 33 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25514 1 Nothings 1 Stb Truetype.h 2024-11-21 5.0 MEDIUM 7.5 HIGH
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
CVE-2021-42716 2 Fedoraproject, Nothings 2 Fedora, Stb Image.h 2024-11-21 5.8 MEDIUM 7.1 HIGH
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
CVE-2021-42715 3 Debian, Fedoraproject, Nothings 3 Debian Linux, Fedora, Stb Image.h 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
CVE-2020-6623 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.
CVE-2020-6622 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.
CVE-2020-6621 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.
CVE-2020-6620 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
CVE-2020-6619 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.
CVE-2020-6618 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.
CVE-2020-6617 1 Nothings 1 Stb Truetype.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.
CVE-2019-20056 1 Nothings 1 Stb Image.h 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
CVE-2019-19777 2 Libsixel Project, Nothings 2 Libsixel, Stb Image.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2018-16981 2 Debian, Nothings 2 Debian Linux, Stb Image.h 2024-11-21 6.8 MEDIUM 8.8 HIGH
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.