
ndk-samples-wei-1602's Introduction

NDK Samples

This repository contains Android NDK samples with Android Studio C++ integration.

These samples use the new CMake Android plugin with C++ support.

Samples can also be built with other build systems:

  • for ndk-build with Android Studio, refer to the directory other-builds/ndkbuild
  • for the gradle-experimental plugin, refer to the directory other-builds/experimental. Note that gradle-experimental does not work with unified headers yet: use NDK versions up to r15 and Android Studio up to version 2.3. When starting a new project, please use the CMake or ndk-build plugin.

Additional Android Studio samples:

Documentation

Known Issues

For samples using Android.mk build system with ndk-build see the android-mk branch.

Build Steps

  • With Android Studio: use "Open An Existing Android Studio Project" or "File" > "Open", then navigate to and select the project's build.gradle file.
  • On the command line: set ANDROID_HOME and ANDROID_NDK_HOME to your SDK and NDK paths, cd to the individual sample directory, and run "gradlew assembleDebug".

Support

For any issues you found in these samples, please

For generic Android NDK questions, please ask on Stack Overflow; Android teams periodically monitor questions there.

License

Copyright 2018 The Android Open Source Project, Inc.

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

LICENSE

ndk-samples-wei-1602's People

Contributors

adithya321, atneya, bradleybauer, brianpl, claywilkinson, critsec, danalbert, devdengchao, digit-android, dimitry-, dturner, enh-google, ggfan, gkasten, hak, joe-skb7, kottsone, marcone, miaowang14, nisrulz, ph0b, pixelflinger, proppy, qchong, rcgonzalezf, rschiu, scottamain, sistr22, tjohns, yaraki

ndk-samples-wei-1602's Issues

org.eclipse.jgit-4.0.1.201506240215-r.jar: 4 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - org.eclipse.jgit-4.0.1.201506240215-r.jar

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jcraft/jsch/0.1.51/6ceee2696b07cc320d0e1aaea82c7b40768aca0f/jsch-0.1.51.jar

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2020-13956 | Medium | 5.3 | httpclient-4.1.3.jar | Transitive | 5.1.0.201809111528-r | |
| CVE-2014-3577 | Medium | 4.8 | httpclient-4.1.3.jar | Transitive | 4.0.2.201509141540-r | |
| CVE-2016-5725 | Low | 3.7 | jsch-0.1.51.jar | Transitive | 4.7.0.201704051617-r | |
| CVE-2012-6153 | Low | 3.7 | httpclient-4.1.3.jar | Transitive | 4.0.2.201509141540-r | |

Details

CVE-2020-13956

Vulnerable Library - httpclient-4.1.3.jar

HttpComponents Client (base module)

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.1.3/16cf5a6b78951f50713d29bfae3230a611dc01f0/httpclient-4.1.3.jar

Dependency Hierarchy:

  • org.eclipse.jgit-4.0.1.201506240215-r.jar (Root Library)
    • httpclient-4.1.3.jar (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Publish Date: 2020-12-02

URL: CVE-2020-13956

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-13956

Release Date: 2020-12-02

Fix Resolution (org.apache.httpcomponents:httpclient): 4.5.13

Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 5.1.0.201809111528-r

⛑️ Automatic Remediation is available for this issue

CVE-2014-3577

Vulnerable Library - httpclient-4.1.3.jar

HttpComponents Client (base module)

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.1.3/16cf5a6b78951f50713d29bfae3230a611dc01f0/httpclient-4.1.3.jar

Dependency Hierarchy:

  • org.eclipse.jgit-4.0.1.201506240215-r.jar (Root Library)
    • httpclient-4.1.3.jar (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Publish Date: 2014-08-21

URL: CVE-2014-3577

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Release Date: 2014-08-21

Fix Resolution (org.apache.httpcomponents:httpclient): 4.3.5

Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 4.0.2.201509141540-r

⛑️ Automatic Remediation is available for this issue

CVE-2016-5725

Vulnerable Library - jsch-0.1.51.jar

JSch is a pure Java implementation of SSH2

Library home page: http://www.jcraft.com/jsch/

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.jcraft/jsch/0.1.51/6ceee2696b07cc320d0e1aaea82c7b40768aca0f/jsch-0.1.51.jar

Dependency Hierarchy:

  • org.eclipse.jgit-4.0.1.201506240215-r.jar (Root Library)
    • jsch-0.1.51.jar (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

Publish Date: 2017-01-19

URL: CVE-2016-5725

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725

Release Date: 2017-01-19

Fix Resolution (com.jcraft:jsch): 0.1.54

Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 4.7.0.201704051617-r

⛑️ Automatic Remediation is available for this issue

CVE-2012-6153

Vulnerable Library - httpclient-4.1.3.jar

HttpComponents Client (base module)

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.1.3/16cf5a6b78951f50713d29bfae3230a611dc01f0/httpclient-4.1.3.jar

Dependency Hierarchy:

  • org.eclipse.jgit-4.0.1.201506240215-r.jar (Root Library)
    • httpclient-4.1.3.jar (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

Publish Date: 2014-09-04

URL: CVE-2012-6153

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6153

Release Date: 2014-09-04

Fix Resolution (org.apache.httpcomponents:httpclient): 4.2.3

Direct dependency fix Resolution (org.eclipse.jgit:org.eclipse.jgit): 4.0.2.201509141540-r

⛑️ Automatic Remediation is available for this issue


⛑️ Automatic Remediation is available for this issue.

jquery-1.11.0.min.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-1.11.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js

Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium | 6.1 | jquery-1.11.0.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | |
| CVE-2020-11022 | Medium | 6.1 | jquery-1.11.0.min.js | Direct | jQuery - 3.5.0 | |
| CVE-2019-11358 | Medium | 6.1 | jquery-1.11.0.min.js | Direct | jquery - 3.4.0 | |
| CVE-2015-9251 | Low | 3.7 | jquery-1.11.0.min.js | Direct | jQuery - 3.0.0 | |

Details

CVE-2020-11023

Vulnerable Library - jquery-1.11.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js

Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js

Dependency Hierarchy:

  • jquery-1.11.0.min.js (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6, https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-1.11.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js

Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js

Dependency Hierarchy:

  • jquery-1.11.0.min.js (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2019-11358

Vulnerable Library - jquery-1.11.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js

Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js

Dependency Hierarchy:

  • jquery-1.11.0.min.js (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

CVE-2015-9251

Vulnerable Library - jquery-1.11.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js

Path to vulnerable library: /display-p3/third_party/mathfu/dependencies/fplutil/perf/tools/telemetry/telemetry/core/platform/profiler/perf_vis/jquery-1.11.0.min.js

Dependency Hierarchy:

  • jquery-1.11.0.min.js (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

junit-4.12.jar: 1 vulnerabilities (highest severity is: 5.5)

Vulnerable Library - junit-4.12.jar

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

Library home page: http://junit.org

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /modules-2/files-2.1/junit/junit/4.12/2973d150c0dc1fefe998f834810d68f278ea58ec/junit-4.12.jar

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2020-15250 | Medium | 5.5 | junit-4.12.jar | Direct | 4.13.1 | |

Details

CVE-2020-15250

Vulnerable Library - junit-4.12.jar

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

Library home page: http://junit.org

Path to dependency file: /builder/build.gradle

Path to vulnerable library: /modules-2/files-2.1/junit/junit/4.12/2973d150c0dc1fefe998f834810d68f278ea58ec/junit-4.12.jar

Dependency Hierarchy:

  • junit-4.12.jar (Vulnerable Library)

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerability Details

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.

Publish Date: 2020-10-12

URL: CVE-2020-15250

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-269g-pwp5-87pp

Release Date: 2020-10-12

Fix Resolution: 4.13.1

⛑️ Automatic Remediation is available for this issue


⛑️ Automatic Remediation is available for this issue.

stb4af130e86341928e3003ba5657f3e9faec50c1dc: 6 vulnerabilities (highest severity is: 8.8)

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_image.h

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-28048 | High | 8.8 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | com.basemark.rocksolidsdk - 0.1.5 | |
| CVE-2022-25516 | High | 7.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | N/A | |
| CVE-2022-25515 | High | 7.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | N/A | |
| CVE-2022-25514 | High | 7.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | N/A | |
| CVE-2021-42716 | High | 7.1 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | com.basemark.rocksolidsdk - 0.1.5 | |
| CVE-2021-42715 | Medium | 5.5 | stb4af130e86341928e3003ba5657f3e9faec50c1dc | Direct | com.basemark.rocksolidsdk - 0.1.5 | |

Details

CVE-2022-28048

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_image.h

Vulnerability Details

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.

Publish Date: 2022-04-15

URL: CVE-2022-28048

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-28048

Release Date: 2022-04-15

Fix Resolution: com.basemark.rocksolidsdk - 0.1.5

CVE-2022-25516

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_truetype.h

Vulnerability Details

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h.

Publish Date: 2022-03-17

URL: CVE-2022-25516

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2022-25515

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_truetype.h

Vulnerability Details

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h.

Publish Date: 2022-03-17

URL: CVE-2022-25515

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2022-25514

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_truetype.h

Vulnerability Details

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h.

Publish Date: 2022-03-17

URL: CVE-2022-25514

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2021-42716

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_image.h

Vulnerability Details

An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.

Publish Date: 2021-10-21

URL: CVE-2021-42716

CVSS 3 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-42716

Release Date: 2021-10-21

Fix Resolution: com.basemark.rocksolidsdk - 0.1.5

CVE-2021-42715

Vulnerable Library - stb4af130e86341928e3003ba5657f3e9faec50c1dc

stb single-file public domain libraries for C/C++

Library home page: https://github.com/nothings/stb.git

Found in HEAD commit: f9ab46dc02eb9f288341bd45c13b4a231f876515

Found in base branch: main

Vulnerable Source Files (1)

/display-p3/third_party/stb/stb_image.h

Vulnerability Details

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Publish Date: 2021-10-21

URL: CVE-2021-42715

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-42715

Release Date: 2021-10-21

Fix Resolution: com.basemark.rocksolidsdk - 0.1.5
