Vulnerability Details CVE-2022-25516
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.0
References
Products affected by CVE-2022-25516
-
cpe:2.3:a:nothings:stb_truetype.h:1.26