Vulnerability Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nothings | Stb Truetype.H | <= 1.26 |
Related Weaknesses (CWE)
References
- https://gist.github.com/d0razi/cb31a92f3205a4373f19b7da25946848ExploitThird Party Advisory
- https://vuldb.com/submit/780558Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/354646Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/354646/ctiPermissions RequiredVDB Entry
FAQ
What is CVE-2026-5314?
CVE-2026-5314 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation result...
How severe is CVE-2026-5314?
CVE-2026-5314 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5314?
Check the references section above for vendor advisories and patch information. Affected products include: Nothings Stb Truetype.H.