CVE-2026-5186

Name of the Vulnerable Software and Affected Versions Nothings stb versions prior to 2.31

Description A flaw exists in Nothings stb up to version 2.30 related to the Multi-frame GIF File Handler component. Specifically, the issue resides within the stbi load gif main function of the stb image.h file and results in a double free condition. Local access is required for exploitation. The exploit has been publicly released. The vendor was notified but did not provide a response.

Recommendations Update Nothings stb to version 2.31 or later. As a temporary workaround, consider restricting access to the stbi load gif main function until a patch is available.