CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-5314

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.6%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 5.0

References

https://gist.github.com/d0razi/cb31a92f3205a4373f19b7da25946848
https://vuldb.com/submit/780558
https://vuldb.com/vuln/354646
https://vuldb.com/vuln/354646/cti

Products affected by CVE-2026-5314

Nothings » Stb Truetype.h » Version: 1.22

cpe:2.3:a:nothings:stb_truetype.h:1.22
Nothings » Stb Truetype.h » Version: 1.26

cpe:2.3:a:nothings:stb_truetype.h:1.26

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-5314

Products

Pricing

Contact Us