VYPR
Vendor

Nothings

Products
4
CVEs
54
Across products
73
Status
Private

Products

4

Recent CVEs

54
View all 54 CVEs →
  • CVE-2019-19777HigDec 13, 2019
    risk 0.57cvss 8.8epss 0.01

    stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.

  • CVE-2018-16981HigSep 12, 2018
    risk 0.57cvss 8.8epss 0.02

    stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

  • CVE-2026-5317MedApr 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used…

  • CVE-2025-3409MedApr 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product…

  • CVE-2025-3408MedApr 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by…

  • CVE-2025-3407MedApr 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched…

  • CVE-2022-27938MedMar 26, 2022
    risk 0.36cvss 5.5epss 0.01

    stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.

  • CVE-2026-5186MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made…

  • CVE-2026-5185MedMar 31, 2026
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local…

  • CVE-2026-5316MedApr 2, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might…

  • CVE-2026-5315MedApr 2, 2026
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The…

  • CVE-2026-5314MedApr 1, 2026
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The…

  • CVE-2026-5313MedApr 1, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been…

  • CVE-2025-3406MedApr 8, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch…

  • CVE-2023-43281Oct 24, 2023
    risk 0.00cvss epss 0.01

    Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

  • CVE-2023-45682Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used…

  • CVE-2023-45681Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make…

  • CVE-2023-45680Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset.…

  • CVE-2023-45679Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later…

  • CVE-2023-45678Oct 20, 2023
    risk 0.00cvss epss 0.01

    stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue…