{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5315", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-01T12:40:06.859Z", "datePublished": "2026-04-01T23:15:12.505Z", "dateUpdated": "2026-04-02T13:32:19.636Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-01T23:15:12.505Z"}, "title": "Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Nothings", "product": "stb", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "1.5", "status": "affected"}, {"version": "1.6", "status": "affected"}, {"version": "1.7", "status": "affected"}, {"version": "1.8", "status": "affected"}, {"version": "1.9", "status": "affected"}, {"version": "1.10", "status": "affected"}, {"version": "1.11", "status": "affected"}, {"version": "1.12", "status": "affected"}, {"version": "1.13", "status": "affected"}, {"version": "1.14", "status": "affected"}, {"version": "1.15", "status": "affected"}, {"version": "1.16", "status": "affected"}, {"version": "1.17", "status": "affected"}, {"version": "1.18", "status": "affected"}, {"version": "1.19", "status": "affected"}, {"version": "1.20", "status": "affected"}, {"version": "1.21", "status": "affected"}, {"version": "1.22", "status": "affected"}, {"version": "1.23", "status": "affected"}, {"version": "1.24", "status": "affected"}, {"version": "1.25", "status": "affected"}, {"version": "1.26", "status": "affected"}], "modules": ["TTF File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-01T14:45:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "d0razi (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/354647", "name": "VDB-354647 | Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354647/cti", "name": "VDB-354647 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780559", "name": "Submit #780559 | nothings stb (stb_truetype.h) \u2264 1.26 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:25:14.355489Z", "id": "CVE-2026-5315", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:32:19.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5315", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T13:25:14.355489Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:25:39.765Z"}}], "cna": {"title": "Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "d0razi (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Nothings", "modules": ["TTF File Handler"], "product": "stb", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "1.2"}, {"status": "affected", "version": "1.3"}, {"status": "affected", "version": "1.4"}, {"status": "affected", "version": "1.5"}, {"status": "affected", "version": "1.6"}, {"status": "affected", "version": "1.7"}, {"status": "affected", "version": "1.8"}, {"status": "affected", "version": "1.9"}, {"status": "affected", "version": "1.10"}, {"status": "affected", "version": "1.11"}, {"status": "affected", "version": "1.12"}, {"status": "affected", "version": "1.13"}, {"status": "affected", "version": "1.14"}, {"status": "affected", "version": "1.15"}, {"status": "affected", "version": "1.16"}, {"status": "affected", "version": "1.17"}, {"status": "affected", "version": "1.18"}, {"status": "affected", "version": "1.19"}, {"status": "affected", "version": "1.20"}, {"status": "affected", "version": "1.21"}, {"status": "affected", "version": "1.22"}, {"status": "affected", "version": "1.23"}, {"status": "affected", "version": "1.24"}, {"status": "affected", "version": "1.25"}, {"status": "affected", "version": "1.26"}]}], "timeline": [{"lang": "en", "time": "2026-04-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-01T14:45:23.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354647", "name": "VDB-354647 | Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354647/cti", "name": "VDB-354647 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/780559", "name": "Submit #780559 | nothings stb (stb_truetype.h) \u2264 1.26 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-01T23:15:12.505Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5315", "state": "PUBLISHED", "dateUpdated": "2026-04-02T13:32:19.636Z", "dateReserved": "2026-04-01T12:40:06.859Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-01T23:15:12.505Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-5315", "lastModified": "2026-04-02T00:16:25.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-02T00:16:25.153", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/780559"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354647"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354647/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "Nothings stb: Nothings stb: Denial of Service via out-of-bounds read in TTF file handling", "id": "2454167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454167"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in Nothings stb. A remote attacker could exploit a vulnerability in the `stbtt__buf_get8` function of the `stb_truetype.h` library by manipulating input. This could lead to an out-of-bounds read, potentially causing a denial of service (DoS) for affected systems."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted TrueType font files with applications that utilize the Nothings stb library. Restrict the sources of font files to trusted origins to prevent potential denial of service attacks."}, "name": "CVE-2026-5315", "public_date": "2026-04-01T23:15:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5315\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5315\nhttps://gist.github.com/d0razi/c11dd07c75f3b795e4f8bbfd6e2f0d29\nhttps://vuldb.com/submit/780559\nhttps://vuldb.com/vuln/354647\nhttps://vuldb.com/vuln/354647/cti"], "statement": "This Moderate impact vulnerability in Nothings stb, specifically within the `stb_truetype.h` library's TTF file handling, could allow a remote attacker to trigger an out-of-bounds read. By manipulating input, an attacker could cause a denial of service on systems processing malicious TrueType Font files. This affects Red Hat Community Projects, including packages distributed via EPEL.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.0]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.1,1.1]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.2,1.2]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.3,1.3]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.4,1.4]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.5,1.5]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.6,1.6]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.7,1.7]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.8,1.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.9,1.9]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.10,1.10]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.11,1.11]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.12,1.12]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.13,1.13]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.14,1.14]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.15,1.15]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.16,1.16]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.17,1.17]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.18,1.18]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.19,1.19]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.20,1.20]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.21,1.21]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.22,1.22]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.23,1.23]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.24,1.24]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.25,1.25]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.26,1.26]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "stb", "source": "cna", "vendor": "Nothings"}, "product": "stb", "vendor": "nothings"}], "analysis": {"en": {"generated_at": "2026-04-02T02:38:28.003893+00:00", "value": {"mitigation_remediation": ["Upgrade the stb library to a version newer than 1.26 that contains the fix for the out-of-bounds read.", "If an immediate upgrade is not feasible, validate and limit the font data size before passing it to stbtt__buf_get8, ensuring the index is within the buffer bounds.", "Keep the library and any related components up-to-date by monitoring vendor advisories for further updates."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure via Out-of-Bounds Read"}, "threat_synthesis": {"affected_systems": "The affected vendor is Nothings, specifically the stb library included in versions up to and including 1.26. The vulnerability is limited to the stb_truetype module, responsible for parsing TrueType font files. No other product or vendor is listed, and the disclosure does not indicate additional impacted components.", "description_and_impact": "The stb single-file library contains a function stbtt__buf_get8 in stb_truetype.h that reads a byte from a truetype font buffer without validating the index. This omission allows a crafted TTF file to trigger an out-of-bounds read, a type of buffer over-read (CWE\u2011119/CWE\u2011125). Reading beyond the allocated buffer can reveal arbitrary memory contents of the process that loads the font, thereby enabling sensitive data disclosure.", "risk_and_exploitability": "The stated CVSS score of 5.3 categorizes this issue as moderate in severity. No EPSS score is available, so the likelihood of exploitation cannot be quantified; however, the description notes that the attack can be performed remotely and public exploits exist. The vulnerability is not in the CISA KEV catalog, but its remote nature combined with a moderate severity indicates a noticeable risk of accidental or intentional data exposure if a malicious font file is processed."}}}}, "created": "2026-04-02T07:46:55.345798+00:00", "updated": "2026-04-02T20:15:54.908158+00:00", "vendors": ["nothings", "nothings$PRODUCT$stb"]}