More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2358142

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
https://nvd.nist.gov/vuln/detail/CVE-2025-3407

The disclosure contains very little information and no suggested fix. The values h_count and v_count are not arguments to stbhw_build_tileset_from_image, but local variables. They are produced by stbhw__get_template_info as output parameters based on the contents of an stbhw_config structure, particularly on the num_color array, which is clearly populated based on header data from the image being processed. So it makes sense to believe that a crafted untrusted image might be able to cause an out-of-bounds read.

However, the details of how these values are obtained and used are complicated, and no suggested fix or mitigation is currently available, so I'm not planning to attempt a downstream fix. I will monitor https://github.com/nothings/stb/issues/1769 and apply a sensible-looking patch if one appears.

In general, upstream has not appeared very interested in security-related reports. Even when straightforward fixes have been available, PRs have been merged slowly and irregularly. I would therefore expect that there will not be quick upstream action, and any candidate fix would come from the community.
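The comment above describes the general shape of the risk: tile counts derived from untrusted header data (num_color) drive reads into the pixel buffer, and nothing on the page says those counts are checked against the actual image dimensions. The following is an added example of the kind of defensive check a consumer or downstream patch could apply before indexing; it is not stb's code and not a proposed upstream patch. The `tile_geometry` struct, `tile_geometry_fits` and `checked_mul` are hypothetical names, and the assumption that one tile occupies `side_len` by `side_len` pixels is a simplification for illustration, not the real herringbone layout.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical geometry derived from header data (assumption: the real
 * stbhw__get_template_info produces counts of roughly this shape). */
typedef struct {
    int h_count;   /* horizontal tile count derived from num_color */
    int v_count;   /* vertical tile count derived from num_color */
    int side_len;  /* pixel length of one tile side */
    int channels;  /* bytes per pixel in the decoded image */
} tile_geometry;

/* Multiply two non-negative ints; return 0 (and leave *out untouched)
 * if either operand is negative or the product would overflow. */
static int checked_mul(int a, int b, int *out) {
    if (a < 0 || b < 0) return 0;
    if (a != 0 && b > INT_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Return 1 only if every pixel read implied by geometry g lies inside an
 * image of width w, height h whose decoded buffer holds buf_len bytes.
 * All arithmetic is overflow-checked, so a huge header-derived count is
 * rejected rather than wrapping into a small, seemingly valid size. */
int tile_geometry_fits(const tile_geometry *g, int w, int h, size_t buf_len) {
    int need_w, need_h, rowbytes, total;

    if (!g || w <= 0 || h <= 0) return 0;
    if (g->side_len <= 0 || g->channels <= 0) return 0;
    if (g->h_count <= 0 || g->v_count <= 0) return 0;

    /* Pixels the tile grid would touch, in each dimension. */
    if (!checked_mul(g->h_count, g->side_len, &need_w)) return 0;
    if (!checked_mul(g->v_count, g->side_len, &need_h)) return 0;
    if (need_w > w || need_h > h) return 0;

    /* The declared image must itself fit in the buffer we were handed. */
    if (!checked_mul(w, g->channels, &rowbytes)) return 0;
    if (!checked_mul(rowbytes, h, &total)) return 0;
    return (size_t)total <= buf_len;
}
```

The check is deliberately placed between "parse header" and "index pixels": rejecting a geometry that does not fit the decoded image turns a silent out-of-bounds read into a clean load failure, which is the behaviour a downstream consumer of untrusted images wants regardless of how upstream eventually resolves the issue.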