CVE-2026-5315 | Nothings stb up to 1.26 TTF File stb_truetype.h stbtt__buf_get8 out-of-bounds

A vulnerability described as problematic has been identified in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read.

This vulnerability is handled as CVE-2026-5315. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More