Medium severity4.3NVD Advisory· Published Apr 2, 2026· Updated Apr 30, 2026

CVE-2026-5315

Description

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Nothings/Stb Truetype.h
cpe:2.3:a:nothings:stb_truetype.h:*:*:*:*:*:*:*:*
Range: <=1.26

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29nvdExploitThird Party Advisory
vuldb.com/submit/780559nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/354647nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/354647/ctinvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000