Nothings Stb vulnerabilities

24 known vulnerabilities affecting nothings/stb.

Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 12

Vulnerabilities

Page 1 of 2
CVE-2026-5315 | Severity: MEDIUM | CVSS 5.3 | Versions: v1.0, v1.1 (+25 more) | Published 2026-04-02
CWE-119. A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contac
Sources: cvelistv5, nvd
CVE-2026-5316 | Severity: MEDIUM | CVSS 5.3 | Versions: v1.0, v1.1 (+21 more) | Published 2026-04-02
CWE-400. A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not
Sources: cvelistv5, nvd
CVE-2026-5317 | Severity: MEDIUM | CVSS 5.3 | Versions: v1.0, v1.1 (+21 more) | Published 2026-04-02
CWE-119. A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did
Sources: cvelistv5, nvd
CVE-2026-5314 | Severity: MEDIUM | CVSS 5.3 | Versions: v1.0, v1.1 (+25 more) | Published 2026-04-01
CWE-119. A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted earl
Sources: cvelistv5, nvd
CVE-2026-5313 | Severity: MEDIUM | CVSS 5.3 | Versions: v2.0, v2.1 (+29 more) | Published 2026-04-01
CWE-404. A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about thi
Sources: cvelistv5, nvd
CVE-2026-5186 | Severity: MEDIUM | CVSS 4.8 | Versions: v2.0, v2.1 (+29 more) | Published 2026-03-31
CWE-119. A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted
Sources: cvelistv5, nvd
CVE-2025-3408 | Severity: MEDIUM | CVSS 5.3 | Versions: vf056911 | Published 2025-04-08
CWE-189. A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases
Sources: cvelistv5, nvd
CVE-2025-3406 | Severity: MEDIUM | CVSS 5.3 | Versions: vf056911 | Published 2025-04-08
CWE-119. A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide c
Sources: cvelistv5, nvd
CVE-2025-3407 | Severity: MEDIUM | CVSS 5.3 | Versions: vf056911 | Published 2025-04-08
CWE-119. A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide contin
Sources: cvelistv5, nvd
CVE-2025-3409 | Severity: MEDIUM | CVSS 5.3 | Versions: vf056911 | Published 2025-04-08
CWE-119. A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaff
Sources: cvelistv5, nvd
CVE-2023-45666 | Severity: CRITICAL | CVSS 9.8 | Versions: ≤ 2.28 | Published 2023-10-21
CWE-415. stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem`
Sources: cvelistv5, nvd
CVE-2023-45667 | Severity: HIGH | CVSS 7.5 | Versions: ≤ 2.28 | Published 2023-10-21
CWE-476. stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the
Sources: cvelistv5, nvd
CVE-2023-45678 | Severity: HIGH | CVSS 7.8 | Versions: ≤ 1.22 | Published 2023-10-21
CWE-787. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.
Sources: cvelistv5, nvd
CVE-2023-45662 | Severity: HIGH | CVSS 8.1 | Versions: ≤ 2.28 | Published 2023-10-21
CWE-125. stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_
Sources: cvelistv5, nvd
CVE-2023-45661 | Severity: HIGH | CVSS 7.1 | Versions: ≤ 2.28 | Published 2023-10-21
CWE-125. stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.
Sources: cvelistv5, nvd
CVE-2023-45679 | Severity: HIGH | CVSS 7.8 | Versions: ≤ 1.22 | Published 2023-10-21
CWE-415. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead
Sources: cvelistv5, nvd
CVE-2023-45676 | Severity: HIGH | CVSS 7.8 | Versions: ≤ 1.22 | Published 2023-10-21
CWE-787. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memor
Sources: cvelistv5, nvd
CVE-2023-45677 | Severity: HIGH | CVSS 7.8 | Versions: ≤ 1.22 | Published 2023-10-21
CWE-787. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `l
Sources: cvelistv5, nvd
CVE-2023-45675 | Severity: HIGH | CVSS 7.8 | Versions: ≤ 1.22 | Published 2023-10-21
CWE-787. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer`
Sources: cvelistv5, nvd
CVE-2023-45682 | Severity: HIGH | CVSS 7.1 | Versions: ≤ 1.22 | Published 2023-10-21
CWE-125. stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.
Sources: cvelistv5, nvd