CWE-125

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.