Skip to main content

Stb Truetype H CVE-2026-5315

| EUVDEUVD-2026-18109 LOW
Buffer Overflow (CWE-119)
2026-04-02 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 00:25 euvd
EUVD-2026-18109
Analysis Generated
Apr 02, 2026 - 00:25 vuln.today
CVE Published
Apr 02, 2026 - 00:16 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Out-of-bounds read in Nothings stb library (stb_truetype.h) up to version 1.26 allows remote attackers to trigger memory access violations via malformed TTF font files, resulting in information disclosure. The vulnerability affects the stbtt__buf_get8 function in the TTF file handler and requires user interaction to exploit. Publicly available exploit code exists, though the vendor has not responded to disclosure notifications. CVSS 5.3 with EPSS probability of exploitation (E:P) indicates moderate real-world risk.

Technical ContextAI

The stb library is a single-header C library collection widely used for graphics, audio, and file format processing. The vulnerability resides in stb_truetype.h, a TrueType font parsing module that lacks proper bounds validation in the stbtt__buf_get8 function when reading binary TTF file data. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically an out-of-bounds read condition where the function fails to validate buffer offsets before attempting byte-level reads. This allows an attacker to craft a malicious TTF file with invalid offset values, causing the parser to read beyond allocated memory regions and potentially leak sensitive data from adjacent memory.

RemediationAI

Update the stb library to a version newer than 1.26 that incorporates bounds checking fixes in stbtt__buf_get8. For applications unable to update immediately, implement external validation of TTF files before parsing by restricting font file sources to trusted repositories and disabling automatic font loading from untrusted sources. Review application code to ensure user-supplied font files are validated against file type signatures and size limits before stb_truetype.h processing. The vendor (Nothings/Sean Barrett) did not provide a coordinated patch timeline per disclosure data; monitor the official stb GitHub repository (https://github.com/nothings/stb) for updates and apply promptly.

CVE-2020-6623 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. Rated high severity (CVSS 8.8), this v

CVE-2020-6622 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. Rated high severity (CVSS 8.8), t

CVE-2020-6621 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. Rated high severity (CVSS 8.8), this vuln

CVE-2020-6620 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. Rated high severity (CVSS 8.8), th

CVE-2020-6619 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. Rated high severity (CVSS 8.8), this vulner

CVE-2020-6618 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. Rated high severity (CVSS 8.8),

CVE-2020-6617 HIGH POC
8.8 Jan 08

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. Rated high severity (CVSS 8.8), this vulnera

CVE-2022-25514 HIGH POC
7.5 Mar 17

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. Rat

CVE-2022-25516 MEDIUM POC
6.5 Mar 17

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype

CVE-2022-25515 MEDIUM POC
6.5 Mar 17

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. Rate

Vendor StatusVendor

Debian

libstb
Release Status Fixed Version Urgency
bullseye vulnerable 0.0~git20200713.b42009b+ds-1 -
bullseye (security) vulnerable 0.0~git20200713.b42009b+ds-1+deb11u1 -
bookworm vulnerable 0.0~git20220908.8b5f1f3+ds-1 -
trixie vulnerable 0.0~git20241109.5c20573+ds-1 -
forky, sid vulnerable 0.0~git20250907.fede005+ds-1 -
(unstable) fixed (unfixed) -

Share

CVE-2026-5315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy