On Tue, Nov 08, 2022 at 08:42:05PM +0100, Moritz Mühlenhoff wrote:
> Source: libstb
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for libstb.
>
> CVE-2021-37789[0]:
> | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load,
> | leading to Information Disclosure or Denial of Service.
>
> https://github.com/nothings/stb/issues/1178

This is fixed in https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40

Could we get that fixed for bookworm?

Cheers,
Moritz