CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-5317

A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 7.5

References

Products affected by CVE-2026-5317

Nothings » Stb Vorbis.c » Version: 0.90

cpe:2.3:a:nothings:stb_vorbis.c:0.90
Nothings » Stb Vorbis.c » Version: 0.91

cpe:2.3:a:nothings:stb_vorbis.c:0.91
Nothings » Stb Vorbis.c » Version: 0.92

cpe:2.3:a:nothings:stb_vorbis.c:0.92
Nothings » Stb Vorbis.c » Version: 0.93

cpe:2.3:a:nothings:stb_vorbis.c:0.93
Nothings » Stb Vorbis.c » Version: 0.94

cpe:2.3:a:nothings:stb_vorbis.c:0.94
Nothings » Stb Vorbis.c » Version: 0.95

cpe:2.3:a:nothings:stb_vorbis.c:0.95
Nothings » Stb Vorbis.c » Version: 0.96

cpe:2.3:a:nothings:stb_vorbis.c:0.96
Nothings » Stb Vorbis.c » Version: 0.97

cpe:2.3:a:nothings:stb_vorbis.c:0.97
Nothings » Stb Vorbis.c » Version: 0.98

cpe:2.3:a:nothings:stb_vorbis.c:0.98
Nothings » Stb Vorbis.c » Version: 0.990

cpe:2.3:a:nothings:stb_vorbis.c:0.990
Nothings » Stb Vorbis.c » Version: 0.991

cpe:2.3:a:nothings:stb_vorbis.c:0.991
Nothings » Stb Vorbis.c » Version: 0.992

cpe:2.3:a:nothings:stb_vorbis.c:0.992
Nothings » Stb Vorbis.c » Version: 0.993

cpe:2.3:a:nothings:stb_vorbis.c:0.993
Nothings » Stb Vorbis.c » Version: 0.994

cpe:2.3:a:nothings:stb_vorbis.c:0.994
Nothings » Stb Vorbis.c » Version: 0.995

cpe:2.3:a:nothings:stb_vorbis.c:0.995
Nothings » Stb Vorbis.c » Version: 0.996

cpe:2.3:a:nothings:stb_vorbis.c:0.996
Nothings » Stb Vorbis.c » Version: 0.997

cpe:2.3:a:nothings:stb_vorbis.c:0.997
Nothings » Stb Vorbis.c » Version: 0.998

cpe:2.3:a:nothings:stb_vorbis.c:0.998
Nothings » Stb Vorbis.c » Version: 0.999

cpe:2.3:a:nothings:stb_vorbis.c:0.999
Nothings » Stb Vorbis.c » Version: 0.9991

cpe:2.3:a:nothings:stb_vorbis.c:0.9991
Nothings » Stb Vorbis.c » Version: 0.9992

cpe:2.3:a:nothings:stb_vorbis.c:0.9992
Nothings » Stb Vorbis.c » Version: 0.9993

cpe:2.3:a:nothings:stb_vorbis.c:0.9993
Nothings » Stb Vorbis.c » Version: 0.9994

cpe:2.3:a:nothings:stb_vorbis.c:0.9994
Nothings » Stb Vorbis.c » Version: 0.9995

cpe:2.3:a:nothings:stb_vorbis.c:0.9995
Nothings » Stb Vorbis.c » Version: 0.9996

cpe:2.3:a:nothings:stb_vorbis.c:0.9996
Nothings » Stb Vorbis.c » Version: 0.9997

cpe:2.3:a:nothings:stb_vorbis.c:0.9997
Nothings » Stb Vorbis.c » Version: 0.9998

cpe:2.3:a:nothings:stb_vorbis.c:0.9998
Nothings » Stb Vorbis.c » Version: 0.9999

cpe:2.3:a:nothings:stb_vorbis.c:0.9999
Nothings » Stb Vorbis.c » Version: 0.99991

cpe:2.3:a:nothings:stb_vorbis.c:0.99991
Nothings » Stb Vorbis.c » Version: 0.99992

cpe:2.3:a:nothings:stb_vorbis.c:0.99992
Nothings » Stb Vorbis.c » Version: 0.99993

cpe:2.3:a:nothings:stb_vorbis.c:0.99993
Nothings » Stb Vorbis.c » Version: 0.99994

cpe:2.3:a:nothings:stb_vorbis.c:0.99994
Nothings » Stb Vorbis.c » Version: 0.99995

cpe:2.3:a:nothings:stb_vorbis.c:0.99995
Nothings » Stb Vorbis.c » Version: 0.99996

cpe:2.3:a:nothings:stb_vorbis.c:0.99996
Nothings » Stb Vorbis.c » Version: 1.0

cpe:2.3:a:nothings:stb_vorbis.c:1.0
Nothings » Stb Vorbis.c » Version: 1.01

cpe:2.3:a:nothings:stb_vorbis.c:1.01
Nothings » Stb Vorbis.c » Version: 1.02

cpe:2.3:a:nothings:stb_vorbis.c:1.02
Nothings » Stb Vorbis.c » Version: 1.03

cpe:2.3:a:nothings:stb_vorbis.c:1.03
Nothings » Stb Vorbis.c » Version: 1.04

cpe:2.3:a:nothings:stb_vorbis.c:1.04
Nothings » Stb Vorbis.c » Version: 1.05

cpe:2.3:a:nothings:stb_vorbis.c:1.05
Nothings » Stb Vorbis.c » Version: 1.06

cpe:2.3:a:nothings:stb_vorbis.c:1.06
Nothings » Stb Vorbis.c » Version: 1.07

cpe:2.3:a:nothings:stb_vorbis.c:1.07
Nothings » Stb Vorbis.c » Version: 1.08

cpe:2.3:a:nothings:stb_vorbis.c:1.08
Nothings » Stb Vorbis.c » Version: 1.09

cpe:2.3:a:nothings:stb_vorbis.c:1.09
Nothings » Stb Vorbis.c » Version: 1.10

cpe:2.3:a:nothings:stb_vorbis.c:1.10
Nothings » Stb Vorbis.c » Version: 1.11

cpe:2.3:a:nothings:stb_vorbis.c:1.11
Nothings » Stb Vorbis.c » Version: 1.12

cpe:2.3:a:nothings:stb_vorbis.c:1.12
Nothings » Stb Vorbis.c » Version: 1.13

cpe:2.3:a:nothings:stb_vorbis.c:1.13
Nothings » Stb Vorbis.c » Version: 1.14

cpe:2.3:a:nothings:stb_vorbis.c:1.14
Nothings » Stb Vorbis.c » Version: 1.15

cpe:2.3:a:nothings:stb_vorbis.c:1.15
Nothings » Stb Vorbis.c » Version: 1.16

cpe:2.3:a:nothings:stb_vorbis.c:1.16
Nothings » Stb Vorbis.c » Version: 1.17

cpe:2.3:a:nothings:stb_vorbis.c:1.17
Nothings » Stb Vorbis.c » Version: 1.18

cpe:2.3:a:nothings:stb_vorbis.c:1.18
Nothings » Stb Vorbis.c » Version: 1.19

cpe:2.3:a:nothings:stb_vorbis.c:1.19
Nothings » Stb Vorbis.c » Version: 1.20

cpe:2.3:a:nothings:stb_vorbis.c:1.20
Nothings » Stb Vorbis.c » Version: 1.21

cpe:2.3:a:nothings:stb_vorbis.c:1.21
Nothings » Stb Vorbis.c » Version: 1.22

cpe:2.3:a:nothings:stb_vorbis.c:1.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-5317

Products

Pricing

Contact Us