CVE-2026-5314 | Nothings stb up to 1.26 TTF File stb_truetype.h stbtt_InitFont_internal out-of-bounds

A vulnerability marked as problematic has been reported in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read.

This vulnerability is known as CVE-2026-5314. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More