CVE-2026-5317 — Improper Restriction of Operations within the Bounds of a Memory Buffer in STB

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write8 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 86.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nothings STB

Timeline

PublishedApr 2

Description

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5nothings/stb23 versions+22

🔴Vulnerability Details

GHSA

GHSA-8mhm-8wmq-8793: A security flaw has been discovered in Nothings stb up to 1↗2026-04-02

▶

OSV

CVE-2026-5317: A security flaw has been discovered in Nothings stb up to 1↗2026-04-02

▶

CVEList

Nothings stb stb_vorbis.c start_decoder out-of-bounds write↗2026-04-02

▶

📋Vendor Advisories

Red Hat

nothings stb: Nothings stb: Remote out-of-bounds write vulnerability↗2026-04-02

▶

Debian

CVE-2026-5317: libstb - A security flaw has been discovered in Nothings stb up to 1.22. This affects the...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-5317 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-5317 stb: Nothings stb: Remote out-of-bounds write vulnerability [epel-all]↗2026-04-02

▶