CVE-2025-3407

Name of the Vulnerable Software and Affected Versions: Nothings stb versions up to f056911

Description: A critical issue was found in the function stbhw build tileset from image. The manipulation of the arguments h count and v count leads to an out-of-bounds read. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations: For versions up to f056911, as a temporary workaround, consider restricting the use of the stbhw build tileset from image function until a fix is available. Avoid manipulating the h count and v count arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.