5.3

Nothings stb: TTF File Handler Allows Remote Data Exposure

CVE-2026-5315
Summary

A security issue in Nothings stb version 1.26 and earlier can allow a remote attacker to expose sensitive data when the library processes a manipulated TTF file. The flaw is an out-of-bounds read in the function stbtt__buf_get8 in stb_truetype.h, so a malicious actor could potentially access confidential information by supplying a crafted font. We recommend updating to a fixed version of Nothings stb to protect against this type of attack.

Original title
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipula...
Original description
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 5.0
NVD CVSS 3.1: 4.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-119 Buffer Overflow
CWE-125 Out-of-bounds Read
Published: 2 Apr 2026 · Updated: 2 Apr 2026 · First seen: 2 Apr 2026