CVE-2025-3408Integer Overflow or Wraparound in STB Image.h

CWE-189CWE-190Integer Overflow or Wraparound5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 52.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nothings STB Image.hNothings STB
Timeline
PublishedApr 8

Description

A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDnothings/stb_image.h2025-03-14
CVEListV5nothings/stbf056911

🔴Vulnerability Details

3
CVEList
Nothings stb stb_dupreplace integer overflow2025-04-08
OSV
CVE-2025-3408: A vulnerability was found in Nothings stb up to f0569112025-04-08
GHSA
GHSA-jfjp-pcc3-pr3f: A vulnerability was found in Nothings stb up to f0569112025-04-08

📋Vendor Advisories

1
Debian
CVE-2025-3408: libstb - A vulnerability was found in Nothings stb up to f056911. It has been rated as cr...2025
CVE-2025-3408 — Integer Overflow or Wraparound | cvebase