Stb
by Nothings
Source repositories
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16981 | Hig | 0.57 | 8.8 | 0.02 | Sep 12, 2018 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | ||
| CVE-2025-3409 | Med | 0.41 | 6.3 | 0.00 | Apr 8, 2025 | A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product… | ||
| CVE-2025-3408 | Med | 0.41 | 6.3 | 0.00 | Apr 8, 2025 | A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by… | ||
| CVE-2025-3407 | Med | 0.41 | 6.3 | 0.00 | Apr 8, 2025 | A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched… | ||
| CVE-2026-5186 | Med | 0.34 | 5.3 | 0.00 | Mar 31, 2026 | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made… | ||
| CVE-2026-5316 | Med | 0.28 | 4.3 | 0.00 | Apr 2, 2026 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might… | ||
| CVE-2026-5315 | Med | 0.28 | 4.3 | 0.01 | Apr 2, 2026 | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The… | ||
| CVE-2026-5314 | Med | 0.28 | 4.3 | 0.01 | Apr 1, 2026 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The… | ||
| CVE-2026-5313 | Med | 0.28 | 4.3 | 0.00 | Apr 1, 2026 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been… | ||
| CVE-2025-3406 | Med | 0.28 | 4.3 | 0.01 | Apr 8, 2025 | A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch… | ||
| CVE-2023-45682 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used… | |||
| CVE-2023-45681 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make… | |||
| CVE-2023-45680 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset.… | |||
| CVE-2023-45679 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later… | |||
| CVE-2023-45678 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue… | |||
| CVE-2023-45677 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully… | |||
| CVE-2023-45676 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz`… | |||
| CVE-2023-45675 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to… | |||
| CVE-2023-45667 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and… | |||
| CVE-2023-45666 | 0.00 | — | 0.01 | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the… |
- risk 0.57cvss 8.8epss 0.02
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
- risk 0.41cvss 6.3epss 0.00
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched…
- risk 0.34cvss 5.3epss 0.00
A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch…
- CVE-2023-45682Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used…
- CVE-2023-45681Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make…
- CVE-2023-45680Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset.…
- CVE-2023-45679Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later…
- CVE-2023-45678Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue…
- CVE-2023-45677Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully…
- CVE-2023-45676Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz`…
- CVE-2023-45675Oct 20, 2023risk 0.00cvss —epss 0.01
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to…
- CVE-2023-45667Oct 20, 2023risk 0.00cvss —epss 0.01
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and…
- CVE-2023-45666Oct 20, 2023risk 0.00cvss —epss 0.01
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the…
Page 1 of 2