Description
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Out-of-Bounds Read
Action: Apply Patch
AI Analysis

Impact

The stb single-file library contains a function stbtt__buf_get8 in stb_truetype.h that reads a byte from a TrueType font buffer without validating the index. This omission allows a crafted TTF file to trigger an out-of-bounds read, a type of buffer over-read (CWE-119/CWE-125). Reading beyond the allocated buffer can reveal arbitrary memory contents of the process that loads the font, thereby enabling sensitive data disclosure.

Affected Systems

The affected vendor is Nothings, specifically the stb library included in versions up to and including 1.26. The vulnerability is limited to the stb_truetype module, responsible for parsing TrueType font files. No other product or vendor is listed, and the disclosure does not indicate additional impacted components.

Risk and Exploitability

The stated CVSS score of 5.3 categorizes this issue as moderate in severity. No EPSS score is available, so the likelihood of exploitation cannot be quantified; however, the description notes that the attack can be performed remotely and public exploits exist. The vulnerability is not in the CISA KEV catalog, but its remote nature combined with a moderate severity indicates a noticeable risk of accidental or intentional data exposure if a malicious font file is processed.

Generated by OpenCVE AI on April 2, 2026 at 02:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the stb library to a version newer than 1.26 that contains the fix for the out-of-bounds read.
  • If an immediate upgrade is not feasible, validate and limit the font data size before passing it to stbtt__buf_get8, ensuring the index is within the buffer bounds.
  • Keep the library and any related components up-to-date by monitoring vendor advisories for further updates.
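The second action above, checking the index against the buffer bounds before every byte read, is what a bounded reader does. The following C code is an added example written for this page; it is not stb's own code and not a patch for this CVE (the page records that no vendor fix exists). The type and function names (font_buf, font_buf_get8, font_buf_range) and the 8-byte sample buffer are constructed for illustration. It goes slightly beyond the bullet: besides the per-byte check it shows a checked sub-range constructor, because TrueType tables are addressed by offset and length from a directory, and those values must also be validated against the parent buffer before a view is created.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounded byte reader (not stb's stbtt__buf). A failed read
 * sets `error` and returns 0 instead of touching memory past `size`. */
typedef struct {
    const uint8_t *data;
    size_t size;
    size_t cursor;
    int error;
} font_buf;

static font_buf font_buf_init(const uint8_t *data, size_t size)
{
    font_buf b = { data, size, 0, 0 };
    return b;
}

/* Bounds check happens before the dereference; cursor never passes size. */
static uint8_t font_buf_get8(font_buf *b)
{
    if (b->error || b->cursor >= b->size) {
        b->error = 1;
        return 0;
    }
    return b->data[b->cursor++];
}

/* Big-endian 16/32-bit reads built on the checked 8-bit read, so a short
 * buffer can only ever produce zeros plus an error flag, never an over-read. */
static uint16_t font_buf_get16(font_buf *b)
{
    uint16_t hi = font_buf_get8(b);
    uint16_t lo = font_buf_get8(b);
    return (uint16_t)((hi << 8) | lo);
}

static uint32_t font_buf_get32(font_buf *b)
{
    uint32_t hi = font_buf_get16(b);
    uint32_t lo = font_buf_get16(b);
    return (hi << 16) | lo;
}

/* Create a sub-view (e.g. one font table) only if [off, off+len) lies inside
 * the parent. Written as `len > size - off` so off+len cannot wrap around.
 * Returns 1 on success, 0 (and an errored empty view) on rejection. */
static int font_buf_range(const font_buf *parent, size_t off, size_t len,
                          font_buf *out)
{
    if (parent->error || off > parent->size || len > parent->size - off) {
        *out = font_buf_init(NULL, 0);
        out->error = 1;
        return 0;
    }
    *out = font_buf_init(parent->data + off, len);
    return 1;
}

/* Constructed sample: 8 bytes, not a real font file. */
static const uint8_t SAMPLE[8] = { 0x00, 0x01, 0x00, 0x00,
                                   0xDE, 0xAD, 0xBE, 0xEF };

/* Read past the end of SAMPLE on purpose; returns 1 if the reader refused
 * the over-read (zero result, error flag set, cursor stopped at size). */
static int demo_over_read_is_refused(void)
{
    font_buf b = font_buf_init(SAMPLE, sizeof SAMPLE);
    font_buf_get32(&b);                 /* 0x00010000 */
    font_buf_get32(&b);                 /* 0xDEADBEEF, buffer now exhausted */
    uint8_t extra = font_buf_get8(&b);  /* ninth byte does not exist */
    return extra == 0 && b.error == 1 && b.cursor == sizeof SAMPLE;
}

int main(void)
{
    font_buf file = font_buf_init(SAMPLE, sizeof SAMPLE), table;
    printf("over-read refused: %s\n", demo_over_read_is_refused() ? "yes" : "no");
    printf("table at 4+4 accepted: %d\n", font_buf_range(&file, 4, 4, &table));
    printf("table at 6+4 accepted: %d\n", font_buf_range(&file, 6, 4, &table));
    return 0;
}
```

The design choice worth noting is that the error is sticky: once any read fails, every later read also returns 0 and keeps the flag set, so a parser can run a whole table decode and check `error` once at the end instead of testing every call.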

Generated by OpenCVE AI on April 2, 2026 at 02:38 UTC.


Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Nothings; Nothings stb
Vendors & Products   (none)           Nothings; Nothings stb

Thu, 02 Apr 2026 14:15:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 12:15:00 +0000

Type         Values Removed          Values Added
References
Metrics      threat_severity: None   threat_severity: Moderate

Wed, 01 Apr 2026 23:45:00 +0000

Type          Values Removed   Values Added
Description   (none)           A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title         (none)           Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds
Weaknesses    (none)           CWE-119; CWE-125
References
Metrics       (none)           cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}
                               cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
                               cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
                               cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T13:32:19.636Z

Reserved: 2026-04-01T12:40:06.859Z

Link: CVE-2026-5315

Vulnrichment

Updated: 2026-04-02T13:25:39.765Z

NVD

Status : Awaiting Analysis

Published: 2026-04-02T00:16:25.153

Modified: 2026-04-03T16:10:52.680

Link: CVE-2026-5315

Redhat

Severity : Moderate

Public Date: 2026-04-01T23:15:12Z

Links: CVE-2026-5315 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:15:54Z

Weaknesses