CVE-2020-661708.01.2020, 23:15stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.EnginsightSeverityHIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAtk. VectorNETWORKAtk. ComplexityLOWPriv. RequiredNONEBase ScoreCVSS 3.xEPSS ScorePercentile: 65%VendorProductVersionnothingsstb_truetype.h𝑥≤ 1.22𝑥= Vulnerable software versionsUbuntu ReleasesUbuntu ProductCodenamelibstbnobleneeds-triagemanticignoredlunarignoredkineticignoredjammyneeds-triageimpishignoredhirsuteignoredgroovyignoredfocalneeds-triageeoanignoreddiscoignoredbionicdnexenialdnetrustydneKnown Exploits!https://github.com/nothings/stb/issues/864Common Weakness EnumerationCWE-617 - Reachable AssertionThe product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.Referenceshttps://github.com/nothings/stb/issues/864