CVE-2026-5315Improper Restriction of Operations within the Bounds of a Memory Buffer in STB

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read8 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 89.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nothings STB
Timeline
PublishedApr 2

Description

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5nothings/stb27 versions+26

🔴Vulnerability Details

3
GHSA
GHSA-gcmq-v5j6-6rjx: A vulnerability was determined in Nothings stb up to 12026-04-02
OSV
CVE-2026-5315: A vulnerability was determined in Nothings stb up to 12026-04-02
CVEList
Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds2026-04-01

📋Vendor Advisories

2
Red Hat
Nothings stb: Nothings stb: Denial of Service via out-of-bounds read in TTF file handling2026-04-01
Debian
CVE-2026-5315: libstb - A vulnerability was determined in Nothings stb up to 1.26. The affected element ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-5315 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-5315 stb: Nothings stb: Denial of Service via out-of-bounds read in TTF file handling [epel-all]2026-04-02
CVE-2026-5315 — Nothings STB vulnerability | cvebase