CVE-2026-5185 — Improper Restriction of Operations within the Bounds of a Memory Buffer in STB Image

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 97.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nothings STB Image Debian Libstb

Timeline

PublishedMar 31

Description

A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5nothings/stb_image31 versions+30

▶debiandebian/libstb

🔴Vulnerability Details

OSV

CVE-2026-5185: A security flaw has been discovered in Nothings stb_image up to 2↗2026-03-31

▶

GHSA

GHSA-ccf6-mw22-wphc: A security flaw has been discovered in Nothings stb_image up to 2↗2026-03-31

▶

📋Vendor Advisories

Debian

CVE-2026-5185: libstb - A security flaw has been discovered in Nothings stb_image up to 2.30. This affec...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-5185 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶