CVE-2026-5315

Published: Apr 2, 2026Modified: Apr 30, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Nothings: Stb Truetype.h

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nothings Stb Truetype.h	Up to 1.26

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

https://gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/submit/780559

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/354647

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/354647/cti

Source: cna@vuldb.com

Permissions RequiredVDB Entry

Timeline

No history available yet.