Nothings stb stb_vorbis.c start_decoder out-of-bounds write_CVE-2026-5317

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-5317

Source VulDB

Published Apr 2, 2026 at 00:45

Modified Apr 2, 2026 at 13:11

Affected Product

Vendor Nothings

Product stb

Version 1.0

Affected Versions Nothings stb 1.0
Nothings stb 1.1
Nothings stb 1.2
Nothings stb 1.3
Nothings stb 1.4
Nothings stb 1.5
Nothings stb 1.6
Nothings stb 1.7
Nothings stb 1.8
Nothings stb 1.9
Nothings stb 1.10
Nothings stb 1.11
Nothings stb 1.12
Nothings stb 1.13
Nothings stb 1.14
Nothings stb 1.15
Nothings stb 1.16
Nothings stb 1.17
Nothings stb 1.18
Nothings stb 1.19
Nothings stb 1.20
Nothings stb 1.21
Nothings stb 1.22

CWE Classification

CWE-787 CWE-119

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-02T00:45:13.044Z",
    "modified": "2026-04-02T13:11:56.189Z",
    "type": "cve",
    "title": "Nothings stb stb_vorbis.c start_decoder out-of-bounds write",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/354649\nhttps://vuldb.com/vuln/354649/cti\nhttps://vuldb.com/submit/780561\nhttps://gist.github.com/d0razi/2ff8a0e812f74dd6fe7f2843931bb90c",
    "id": "CVE-2026-5317",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Nothings stb 1.0\nNothings stb 1.1\nNothings stb 1.2\nNothings stb 1.3\nNothings stb 1.4\nNothings stb 1.5\nNothings stb 1.6\nNothings stb 1.7\nNothings stb 1.8\nNothings stb 1.9\nNothings stb 1.10\nNothings stb 1.11\nNothings stb 1.12\nNothings stb 1.13\nNothings stb 1.14\nNothings stb 1.15\nNothings stb 1.16\nNothings stb 1.17\nNothings stb 1.18\nNothings stb 1.19\nNothings stb 1.20\nNothings stb 1.21\nNothings stb 1.22",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "stb",
    "version": "1.0",
    "vendor": "Nothings",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}