PT-2026-29202 · Nothings · Stb Image

D0Razi

Publicado

2026-01-01

Atualizado

2026-03-31

CVE-2026-5185

CVSS v3.1

5.3

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions stb image versions prior to 2.31

Description A flaw exists in Nothings stb image, specifically within the Multi-frame GIF File Handler component. The issue resides in the stbi gif load next function of the stb image.h file and results in a heap-based buffer overflow. Exploitation requires local access. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations Update to a version prior to 2.31. As a temporary workaround, consider restricting the use of the Multi-frame GIF File Handler component until a patch is available.

Correção

Buffer Overflow

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-122

Identificadores relacionados

CVE-2026-5185

Produtos afetados

Stb Image

PT-2026-29202 · Nothings · Stb Image

CVE-2026-5185

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10