Skip to main content

Stb Truetype H

11 CVEs product

Monthly

CVE-2026-5315 LOW PATCH Monitor

Out-of-bounds read in Nothings stb library (stb_truetype.h) up to version 1.26 allows remote attackers to trigger memory access violations via malformed TTF font files, resulting in information disclosure. The vulnerability affects the stbtt__buf_get8 function in the TTF file handler and requires user interaction to exploit. Publicly available exploit code exists, though the vendor has not responded to disclosure notifications. CVSS 5.3 with EPSS probability of exploitation (E:P) indicates moderate real-world risk.

Buffer Overflow Stb Truetype H
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2022-25516 MEDIUM POC This Month

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25515 MEDIUM POC This Month

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25514 HIGH POC This Week

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-6623 HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-6622 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6621 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6620 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6619 HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6618 HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6617 HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Out-of-bounds read in Nothings stb library (stb_truetype.h) up to version 1.26 allows remote attackers to trigger memory access violations via malformed TTF font files, resulting in information disclosure. The vulnerability affects the stbtt__buf_get8 function in the TTF file handler and requires user interaction to exploit. Publicly available exploit code exists, though the vendor has not responded to disclosure notifications. CVSS 5.3 with EPSS probability of exploitation (E:P) indicates moderate real-world risk.

Buffer Overflow Stb Truetype H
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stb Truetype H
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Truetype H
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy