Nothings Stb
24 CVEs affecting Nothings Stb. Latest disclosed: 2026-04-02. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-45681 | High | 7.3 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `sta… |
CVE-2023-45679 | High | 7.3 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In t… |
CVE-2023-45677 | High | 7.3 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0… |
CVE-2023-45676 | High | 7.3 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet… |
CVE-2023-45666 | High | 7.3 | 2023-10-20 | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of out… |
CVE-2023-45664 | High | 7.3 | 2023-10-20 | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free t… |
CVE-2023-45678 | Medium | 6.5 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at… |
CVE-2023-45675 | Medium | 6.5 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0… |
CVE-2023-45662 | Medium | 6.5 | 2023-10-20 | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a numb… |
CVE-2023-45661 | Medium | 6.5 | 2023-10-20 | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. Thi… |
CVE-2026-5317 | Medium | 6.3 | 2026-04-02 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in o… |
CVE-2025-3409 | Medium | 6.3 | 2025-04-08 | A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argu… |
CVE-2025-3408 | Medium | 6.3 | 2025-04-08 | A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation… |
CVE-2025-3407 | Medium | 6.3 | 2025-04-08 | A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_f… |
CVE-2026-5186 | Medium | 5.3 | 2026-03-31 | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame G… |
CVE-2023-45682 | Medium | 5.3 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is… |
CVE-2023-45680 | Medium | 5.3 | 2023-10-20 | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In t… |
CVE-2023-45667 | Medium | 5.3 | 2023-10-20 | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer… |
CVE-2023-45663 | Medium | 5.3 | 2023-10-20 | stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file… |
CVE-2026-5316 | Medium | 4.3 | 2026-04-02 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to… |