stb_truetype CVEs?

Open: starseeker opened this issue 1 year ago • 1 comment

If I understand correctly, there are a number of internal offsets in the code that don't validate against the overall buffer size, so there isn't any robustness to unsafe data (which is why stb_truetype.h warns users about that in their comments). I would imagine RFont has the same limitations, since it uses stb_truetype code? If so, I was wondering if there might be any plans to make RFont more robust by adding the offset validations?

starseeker, May 09 '24 15:05

To be honest with you, I don't know anything about that. I don't currently have any plans to do that, although I may look into it in the future.

ColleagueRiley, May 09 '24 16:05
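
The kind of offset validation the issue asks about, sketched for the sfnt table directory at the start of a TrueType file: every read and every table range is checked against the buffer length before use. This is an added example, not code from RFont or stb_truetype; the function names and the 64-byte sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounds-checked big-endian readers: 0 on success, -1 if the read would leave buf[0..len). */
static int rd_u16(const uint8_t *buf, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}
static int rd_u32(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4) return -1;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 0;
}

/* Look up `tag` in the sfnt table directory (12-byte header, 16-byte records).
   Succeeds only if the record and the table it points to lie inside the buffer. */
int find_table_checked(const uint8_t *buf, size_t len, const char *tag,
                       uint32_t *off, uint32_t *size) {
    uint16_t num;
    if (rd_u16(buf, len, 4, &num) != 0) return -1;          /* numTables */
    for (uint16_t i = 0; i < num; i++) {
        size_t rec = 12 + (size_t)i * 16;
        uint32_t o, n;
        if (rec > len || len - rec < 16) return -1;          /* truncated directory */
        if (memcmp(buf + rec, tag, 4) != 0) continue;
        if (rd_u32(buf, len, rec + 8, &o) || rd_u32(buf, len, rec + 12, &n)) return -1;
        if (o > len || n > len - o) return -1;               /* never computes o + n, so no wrap */
        *off = o; *size = n;
        return 0;
    }
    return -1;                                               /* tag not present */
}

/* Constructed sample (not a real font): header plus one "head" record; len must be <= 64. */
static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
int check_sample(size_t len, uint32_t toff, uint32_t tlen) {
    uint8_t buf[64] = {0};
    uint32_t o = 0, n = 0;
    put_u32(buf, 0x00010000u); buf[5] = 1;                   /* sfnt version, numTables = 1 */
    memcpy(buf + 12, "head", 4);
    put_u32(buf + 20, toff); put_u32(buf + 24, tlen);        /* record's offset and length fields */
    return find_table_checked(buf, len, "head", &o, &n);
}
int main(void) { return check_sample(64, 28, 36) != 0; }
```

The same pattern (carry the buffer length alongside the pointer and compare before each dereference) applies to every later offset a parser follows, not only the table directory.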