CVE-2026-5186 | Nothings stb up to 2.30 Multi-frame GIF File stb_image.h stbi__load_gif_main double free

A vulnerability marked as critical has been reported in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free.

This vulnerability appears as CVE-2026-5186. The attack requires local access. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More