Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-5313

Source VulDB

Published Apr 1, 2026 at 21:30

Modified Apr 3, 2026 at 16:42

Affected Product

Vendor Nothings

Product stb

Version 2.0

Affected Versions Nothings stb 2.0
Nothings stb 2.1
Nothings stb 2.2
Nothings stb 2.3
Nothings stb 2.4
Nothings stb 2.5
Nothings stb 2.6
Nothings stb 2.7
Nothings stb 2.8
Nothings stb 2.9
Nothings stb 2.10
Nothings stb 2.11
Nothings stb 2.12
Nothings stb 2.13
Nothings stb 2.14
Nothings stb 2.15
Nothings stb 2.16
Nothings stb 2.17
Nothings stb 2.18
Nothings stb 2.19
Nothings stb 2.20
Nothings stb 2.21
Nothings stb 2.22
Nothings stb 2.23
Nothings stb 2.24
Nothings stb 2.25
Nothings stb 2.26
Nothings stb 2.27
Nothings stb 2.28
Nothings stb 2.29
Nothings stb 2.30

CWE Classification

CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-01T21:30:13.458Z",
    "modified": "2026-04-03T16:42:46.207Z",
    "type": "cve",
    "title": "Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/354645\nhttps://vuldb.com/vuln/354645/cti\nhttps://vuldb.com/submit/780462",
    "id": "CVE-2026-5313",
    "bulletinFamily": "",
    "cwe": [
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "Nothings stb 2.0\nNothings stb 2.1\nNothings stb 2.2\nNothings stb 2.3\nNothings stb 2.4\nNothings stb 2.5\nNothings stb 2.6\nNothings stb 2.7\nNothings stb 2.8\nNothings stb 2.9\nNothings stb 2.10\nNothings stb 2.11\nNothings stb 2.12\nNothings stb 2.13\nNothings stb 2.14\nNothings stb 2.15\nNothings stb 2.16\nNothings stb 2.17\nNothings stb 2.18\nNothings stb 2.19\nNothings stb 2.20\nNothings stb 2.21\nNothings stb 2.22\nNothings stb 2.23\nNothings stb 2.24\nNothings stb 2.25\nNothings stb 2.26\nNothings stb 2.27\nNothings stb 2.28\nNothings stb 2.29\nNothings stb 2.30",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "stb",
    "version": "2.0",
    "vendor": "Nothings",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service_CVE-2026-5313