Bug 2358175 - CVE-2025-3406 stb: Nothings stb Header Array out-of-bounds read [fedora-40]
Summary: CVE-2025-3406 stb: Nothings stb Header Array out-of-bounds read [fedora-40]
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: stb
Version: 40
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Ben Beasley
QA Contact:
URL:
Whiteboard: {"flaws": ["96050952-a272-4f37-86e9-f...
Depends On:
Blocks: CVE-2025-3406
Reported: 2025-04-08 06:11 UTC by Michal Findra
Modified: 2025-04-08 10:05 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-04-08 10:05:40 UTC
Type: ---
Embargoed:



Description Michal Findra 2025-04-08 06:11:34 UTC
More information about this security flaw is available in the following bug:

http://bugzilla.redhat.com/show_bug.cgi?id=2358118

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Ben Beasley 2025-04-08 10:05:40 UTC
http://nvd.nist.gov/vuln/detail/CVE-2025-3406

The CVE contains little detail and no suggested mitigation.

It is easy to see how an incorrect image-width argument w to the function stbhw_build_tileset_from_image could result in an out-of-bounds read in the data buffer, but an API user only supplies the buffer size indirectly via the w and h arguments, so it’s incumbent on the API user to make sure they are sane – there is nothing that can be done within stbhw_build_tileset_from_image to further validate them.

I am inclined to suggest that this CVE is invalid: the API user must provide a consistent width, height, and data buffer. We don’t say that memcpy() is vulnerable because an API user could pass it the wrong size argument n.
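The comment above puts the burden on the caller: the w, h and stride arguments must describe a buffer the caller actually owns. The following is an added example of the caller-side sanity check that argument implies; it is not code from stb or from this bug report. The parameter names (stride_in_bytes, w, h) mirror the stb_herringbone_wang_tile.h API as it is commonly described, bytes_per_pixel is assumed to be 3 for RGB input, and the 4x4 sample image in main() is constructed here for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical caller-side check (added example, not part of stb):
 * does an image of w x h pixels, laid out with the given row stride and
 * bytes per pixel, fit entirely inside a buffer of buf_len bytes?
 * Returns 1 if every byte the consumer may read lies inside the buffer,
 * 0 otherwise. Negative or zero dimensions are rejected up front and the
 * multiplications are guarded so the check itself cannot overflow. */
int image_fits_buffer(size_t buf_len, int w, int h,
                      int stride_in_bytes, int bytes_per_pixel)
{
    if (w <= 0 || h <= 0 || stride_in_bytes <= 0 || bytes_per_pixel <= 0)
        return 0;

    /* row_bytes = w * bytes_per_pixel, overflow-checked */
    if ((size_t)w > SIZE_MAX / (size_t)bytes_per_pixel)
        return 0;
    size_t row_bytes = (size_t)w * (size_t)bytes_per_pixel;

    /* the stride must cover at least one full row of pixels */
    if (row_bytes > (size_t)stride_in_bytes)
        return 0;

    /* last byte touched is at (h - 1) * stride + row_bytes, overflow-checked */
    if ((size_t)(h - 1) > (SIZE_MAX - row_bytes) / (size_t)stride_in_bytes)
        return 0;
    size_t needed = (size_t)(h - 1) * (size_t)stride_in_bytes + row_bytes;

    return needed <= buf_len;
}

int main(void)
{
    /* constructed sample: a 4x4 RGB image, 12-byte rows, 48 bytes total */
    unsigned char pixels[4 * 4 * 3] = {0};
    size_t len = sizeof pixels;

    /* consistent arguments: safe to hand to a tileset builder */
    printf("4x4, stride 12: %s\n",
           image_fits_buffer(len, 4, 4, 12, 3) ? "fits" : "REJECTED");

    /* inconsistent width: a consumer trusting w would read past the buffer */
    printf("8x4, stride 12: %s\n",
           image_fits_buffer(len, 8, 4, 12, 3) ? "fits" : "REJECTED");

    /* inconsistent height: one row too many for the buffer */
    printf("4x5, stride 12: %s\n",
           image_fits_buffer(len, 4, 5, 12, 3) ? "fits" : "REJECTED");

    return 0;
}
```

The check belongs in the code that loads or decodes the image, where the real buffer length is known; once w and h are passed down, the callee has no independent way to recover it, which is the point the comment makes.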

