DEBIAN-CVE-2026-5185
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-5185
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5185.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-5185
- Upstream
- Published
- 2026-03-31T07:16:12.663Z
- Modified
- 2026-04-01T08:00:08.676971Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A security flaw has been discovered in Nothings stbimage up to 2.30. This affects the function stbigifloadnext of the file stbimage.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
- References
Affected packages
Debian:11 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0~git20200713.b42009b+ds-1
0.0~git20200713.b42009b+ds-1+deb11u1
0.0~git20210910.af1a5bc+ds-1
0.0~git20220908.8b5f1f3+ds-1~bpo11+1
0.0~git20220908.8b5f1f3+ds-1
0.0~git20230129.5736b15+ds-1
0.0~git20230129.5736b15+ds-1.1~exp1
0.0~git20230129.5736b15+ds-1.1
0.0~git20230129.5736b15+ds-1.2
0.0~git20240715.f7f20f39fe4f+ds-1
0.0~git20241109.5c20573+ds-1
0.0~git20250907.fede005+ds-1
Debian:12 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source
Debian:14 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source