CVE-2026-5316: Uncontrolled Resource Consumption in STB

Severity
5.3 MEDIUM (NVD)
EPSS
0.0%
top 89.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 2

Description

A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: nothings/stb, 23 versions

🔴 Vulnerability Details (3)

CVEList: Nothings stb stb_vorbis.c setup_free allocation of resources (2026-04-02)
GHSA: GHSA-pmw2-j962-7frc: A vulnerability was identified in Nothings stb up to 1 (2026-04-02)
OSV: CVE-2026-5316: A vulnerability was identified in Nothings stb up to 1 (2026-04-02)

📋 Vendor Advisories (1)

Debian: CVE-2026-5316: libstb - A vulnerability was identified in Nothings stb up to 1.22. The impacted element ... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-5316 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (2)

Bugzilla: CVE-2026-5316 stb: invalid free when processing a crafted ogg vorbis file [epel-all] (2026-04-02)
Bugzilla: CVE-2026-5316 stb: invalid free when processing a crafted ogg vorbis file [fedora-all] (2026-04-02)