I'm confused about security notice #1584
-
|
Hi, I can't understand what kind of security issue this library has? How can someone perform attacks when using stb headers when they are compiled in machine code in final program? Can I get some examples? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
If you try to use stb_image to load an image provided by an attacker, bad things could potentially happen. If you only use it to load your own choice of images, generally things are fine. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for quick reply! Gladly I only need to use it to encode images. |
Beta Was this translation helpful? Give feedback.
-
|
Does this apply to PNG or JPG as well or more complicated formats like HDR EXR TGA? |
Beta Was this translation helpful? Give feedback.
-
|
If you're just using it to encode images it doesn't matter, but it applies to all formats (jpg and png are also complicated internally). |
Beta Was this translation helpful? Give feedback.
If you're just using it to encode images it doesn't matter, but it applies to all formats (jpg and png are also complicated internally).