Vendor CVEs
Nothings
All CVEs
54 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19777 | | High | 0.57 | 8.8 | 0.01 | | Dec 13, 2019 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. |
| CVE-2018-16981 | | High | 0.57 | 8.8 | 0.02 | | Sep 12, 2018 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. |
| CVE-2026-5317 | | Medium | 0.41 | 6.3 | 0.00 | | Apr 2, 2026 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used… |
| CVE-2025-3409 | | Medium | 0.41 | 6.3 | 0.00 | | Apr 8, 2025 | A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product… |
| CVE-2025-3408 | | Medium | 0.41 | 6.3 | 0.00 | | Apr 8, 2025 | A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by… |
| CVE-2025-3407 | | Medium | 0.41 | 6.3 | 0.00 | | Apr 8, 2025 | A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched… |
| CVE-2022-27938 | | Medium | 0.36 | 5.5 | 0.01 | | Mar 26, 2022 | stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw. |
| CVE-2026-5186 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 31, 2026 | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made… |
| CVE-2026-5185 | | Medium | 0.34 | 5.3 | 0.00 | | Mar 31, 2026 | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local… |
| CVE-2026-5316 | | Medium | 0.28 | 4.3 | 0.00 | | Apr 2, 2026 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might… |
| CVE-2026-5315 | | Medium | 0.28 | 4.3 | 0.01 | | Apr 2, 2026 | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The… |
| CVE-2026-5314 | | Medium | 0.28 | 4.3 | 0.01 | | Apr 1, 2026 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The… |
| CVE-2026-5313 | | Medium | 0.28 | 4.3 | 0.00 | | Apr 1, 2026 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been… |
| CVE-2025-3406 | | Medium | 0.28 | 4.3 | 0.01 | | Apr 8, 2025 | A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch… |
| CVE-2023-43281 | | | 0.00 | — | 0.01 | | Oct 24, 2023 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. |
| CVE-2023-45682 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used… |
| CVE-2023-45681 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make… |
| CVE-2023-45680 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset.… |
| CVE-2023-45679 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later… |
| CVE-2023-45678 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue… |
| CVE-2023-45677 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully… |
| CVE-2023-45676 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz`… |
| CVE-2023-45675 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to… |
| CVE-2023-45667 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and… |
| CVE-2023-45666 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn't give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn't do it in case the… |
| CVE-2023-45664 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is… |
| CVE-2023-45663 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its… |
| CVE-2023-45662 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image vertically. A… |
| CVE-2023-45661 | | | 0.00 | — | 0.01 | | Oct 20, 2023 | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to… |
| CVE-2023-43898 | | | 0.00 | — | 0.00 | | Oct 3, 2023 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. |
| CVE-2021-37789 | | | 0.00 | — | 0.01 | | Nov 2, 2022 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. |
| CVE-2022-28048 | | | 0.00 | — | 0.02 | | Apr 15, 2022 | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. |
| CVE-2022-28041 | | | 0.00 | — | 0.02 | | Apr 15, 2022 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
| CVE-2022-28042 | | | 0.00 | — | 0.02 | | Apr 15, 2022 | stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. |
| CVE-2022-25516 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. |
| CVE-2022-25514 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. |
| CVE-2022-25515 | | | 0.00 | — | 0.01 | | Mar 17, 2022 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input. |
| CVE-2021-42716 | | | 0.00 | — | 0.01 | | Oct 21, 2021 | An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service… |
| CVE-2021-42715 | | | 0.00 | — | 0.01 | | Oct 21, 2021 | An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted… |
| CVE-2020-6617 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. |
| CVE-2020-6618 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. |
| CVE-2020-6619 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. |
| CVE-2020-6620 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. |
| CVE-2020-6621 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. |
| CVE-2020-6622 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. |
| CVE-2020-6623 | | | 0.00 | — | 0.01 | | Jan 8, 2020 | stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. |
| CVE-2019-20056 | | | 0.00 | — | 0.01 | | Dec 29, 2019 | stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. |
| CVE-2019-13220 | | | 0.00 | — | 0.01 | | Aug 15, 2019 | Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. |
| CVE-2019-13218 | | | 0.00 | — | 0.01 | | Aug 15, 2019 | Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. |
| CVE-2019-13222 | | | 0.00 | — | 0.01 | | Aug 15, 2019 | An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. |
Page 1 of 2