
Nothings stb version 1.22 allows remote attackers to write to memory

CVE-2026-5317
Summary

A security flaw in the stb library's audio decoder (the function start_decoder in stb_vorbis.c) allows a remote attacker to write outside the bounds of a memory buffer, potentially causing unexpected behavior or crashes. This affects users who rely on stb, up to version 1.22, for audio processing. To protect your system, update to the latest version of stb.

Original title
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be ...
Original description
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-119 Buffer Overflow
CWE-787 Out-of-bounds Write
Published: 2 Apr 2026 · Updated: 2 Apr 2026 · First seen: 2 Apr 2026