Open Crispy-fried-chicken opened 1 week ago
Seems like whatever code you're referencing is just an issue in the dependency zlib.
I think a PR to correct the issue would be appreciated, but since we use autotools rather than cmake, make sure the HAS_SSE2 thing they mention in the comment on that commit is included.
RetroArch doesn't use autotools. It uses its own homegrown configure script. In any case, I'm sure the bundled dependencies have many security problems, which is why you should use system versions whenever possible.
Hi there, we have detected that your project may be vulnerable to a Heap-based Buffer Overflow. It shares similarities with a recent CVE disclosure, CVE-2023-6992, in https://github.com/freeswitch/sofia-sip. The affected file and functions are as follows:
deflate_stored (deflate_state *s,int flush)
in the file of deps/libz/deflate.c
The source vulnerability information is as follows:
Would you help to check if this bug is true? If it's true, I'd like to open a PR for that if necessary. Thank you for your effort and patience!