CVE-2026-5313

Summary

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Nothingsstb2.0affected
Nothingsstb2.1affected
Nothingsstb2.2affected
Nothingsstb2.3affected
Nothingsstb2.4affected
Nothingsstb2.5affected
Nothingsstb2.6affected
Nothingsstb2.7affected
Nothingsstb2.8affected
Nothingsstb2.9affected
Nothingsstb2.10affected
Nothingsstb2.11affected
Nothingsstb2.12affected
Nothingsstb2.13affected
Nothingsstb2.14affected
Nothingsstb2.15affected
Nothingsstb2.16affected
Nothingsstb2.17affected
Nothingsstb2.18affected
Nothingsstb2.19affected
Nothingsstb2.20affected
Nothingsstb2.21affected
Nothingsstb2.22affected
Nothingsstb2.23affected
Nothingsstb2.24affected
Nothingsstb2.25affected
Nothingsstb2.26affected
Nothingsstb2.27affected
Nothingsstb2.28affected
Nothingsstb2.29affected
Nothingsstb2.30affected

Weaknesses

  • CWE-404: Denial of Service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References