Source: libstb
Version: 0.0~git20241109.5c20573+ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/nothings/stb/issues/1772
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libstb.

CVE-2025-3406[0]:
| A vulnerability was found in Nothings stb up to f056911. It has been
| classified as problematic. Affected is the function
| stbhw_build_tileset_from_image of the component Header Array
| Handler. The manipulation of the argument w leads to out-of-bounds
| read. It is possible to launch the attack remotely. This product is
| using a rolling release to provide continuous delivery. Therefore,
| no version details for affected nor updated releases are available.
| The vendor was contacted early about this disclosure but did not
| respond in any way.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3406
    https://www.cve.org/CVERecord?id=CVE-2025-3406
[1] https://github.com/nothings/stb/issues/1772

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore