Security vulnerabilities and automated fixes for stb image issues
1 post found
A critical heap buffer overflow vulnerability was discovered and patched in a vendored copy of `stb_image.h`, a popular single-header image loading library. The root cause was a missing bounds check that allowed attacker-controlled image data to trigger memory writes beyond allocated heap buffers, potentially enabling arbitrary code execution. A single defensive guard — rejecting negative buffer lengths before any memory operation — closes this dangerous attack vector.