CVE-2025-3406: Improper Restriction of Operations within the Bounds of a Memory Buffer in STB Image.h

Severity
5.3 MEDIUM (NVD)
EPSS
0.2%
top 57.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 8

Description

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclo

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages: 2 packages

NVD: nothings/stb_image.h (2025-03-14)
CVEListV5: nothings/stb (f056911)

🔴 Vulnerability Details

3
OSV
CVE-2025-3406: A vulnerability was found in Nothings stb up to f056911 (2025-04-08)
CVEList
Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds (2025-04-08)
GHSA
GHSA-7249-98jq-4p25: A vulnerability was found in Nothings stb up to f056911 (2025-04-08)

📋 Vendor Advisories

1
Debian
CVE-2025-3406: libstb - A vulnerability was found in Nothings stb up to f056911. It has been classified ... 2025