CVE-2026-5313: Improper Resource Shutdown or Release in STB

Severity
5.3 MEDIUM (NVD)
EPSS
0.0%
top 86.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 1
Latest update: Apr 2

Description

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: nothings/stb, 31 versions (+30)

🔴 Vulnerability Details

3
GHSA
GHSA-2487-c6w9-prxm: A vulnerability has been found in Nothings stb up to 2 (2026-04-02)
OSV
CVE-2026-5313: A vulnerability has been found in Nothings stb up to 2 (2026-04-01)
CVEList
Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service (2026-04-01)

📋 Vendor Advisories

2
Red Hat
Nothings stb: Nothings stb: Denial of Service in GIF Decoder via stbi__gif_load_next function (2026-04-01)
Debian
CVE-2026-5313: libstb - A vulnerability has been found in Nothings stb up to 2.30. This issue affects th... 2026

🕵️ Threat Intelligence

1
Wiz
CVE-2026-5313 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community

1
Bugzilla
CVE-2026-5313 stb: Nothings stb: Denial of Service in GIF Decoder via stbi__gif_load_next function [epel-all] (2026-04-02)