DEBIAN-CVE-2026-5315
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-5315
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-5315.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-5315
- Upstream
- Published
- 2026-04-02T00:16:25.153Z
- Modified
- 2026-04-02T16:00:10.205312Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__bufget8 in the library stbtruetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
- References
Affected packages
Debian:11 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0~git20200713.b42009b+ds-1
0.0~git20200713.b42009b+ds-1+deb11u1
0.0~git20210910.af1a5bc+ds-1
0.0~git20220908.8b5f1f3+ds-1~bpo11+1
0.0~git20220908.8b5f1f3+ds-1
0.0~git20230129.5736b15+ds-1
0.0~git20230129.5736b15+ds-1.1~exp1
0.0~git20230129.5736b15+ds-1.1
0.0~git20230129.5736b15+ds-1.2
0.0~git20240715.f7f20f39fe4f+ds-1
0.0~git20241109.5c20573+ds-1
0.0~git20250907.fede005+ds-1
Debian:12 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source
Debian:14 / libstb
Package
- Name
- libstb
- Purl
- pkg:deb/debian/libstb?arch=source