VYPR

Stb

by Nothings

Source repositories

CVEs (37)

  • CVE-2018-16981 | High | Sep 12, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

  • CVE-2025-3409 | Medium | Apr 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product…

  • CVE-2025-3408 | Medium | Apr 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by…

  • CVE-2025-3407 | Medium | Apr 8, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched…

  • CVE-2026-5186 | Medium | Mar 31, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made…

  • CVE-2026-5316 | Medium | Apr 2, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might…

  • CVE-2026-5315 | Medium | Apr 2, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The…

  • CVE-2026-5314 | Medium | Apr 1, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The…

  • CVE-2026-5313 | Medium | Apr 1, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been…

  • CVE-2025-3406 | Medium | Apr 8, 2025
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch…

  • CVE-2023-45682 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used…

  • CVE-2023-45681 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make…

  • CVE-2023-45680 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset.…

  • CVE-2023-45679 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later…

  • CVE-2023-45678 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue…

  • CVE-2023-45677 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully…

  • CVE-2023-45676 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz`…

  • CVE-2023-45675 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to…

  • CVE-2023-45667 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and…

  • CVE-2023-45666 | Oct 20, 2023
    risk 0.00 | cvss n/a | epss 0.01

    stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the…

Page 1 of 2