CVE-2026-5315
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nothings | stb | 1.0 | affected |
| Nothings | stb | 1.1 | affected |
| Nothings | stb | 1.2 | affected |
| Nothings | stb | 1.3 | affected |
| Nothings | stb | 1.4 | affected |
| Nothings | stb | 1.5 | affected |
| Nothings | stb | 1.6 | affected |
| Nothings | stb | 1.7 | affected |
| Nothings | stb | 1.8 | affected |
| Nothings | stb | 1.9 | affected |
| Nothings | stb | 1.10 | affected |
| Nothings | stb | 1.11 | affected |
| Nothings | stb | 1.12 | affected |
| Nothings | stb | 1.13 | affected |
| Nothings | stb | 1.14 | affected |
| Nothings | stb | 1.15 | affected |
| Nothings | stb | 1.16 | affected |
| Nothings | stb | 1.17 | affected |
| Nothings | stb | 1.18 | affected |
| Nothings | stb | 1.19 | affected |
| Nothings | stb | 1.20 | affected |
| Nothings | stb | 1.21 | affected |
| Nothings | stb | 1.22 | affected |
| Nothings | stb | 1.23 | affected |
| Nothings | stb | 1.24 | affected |
| Nothings | stb | 1.25 | affected |
| Nothings | stb | 1.26 | affected |
Weaknesses
- CWE-125: Out-of-Bounds Read
- CWE-119: Memory Corruption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/vuln/354647
- https://vuldb.com/vuln/354647/cti
- https://vuldb.com/submit/780559
- https://gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.