Nothings >> Stb Truetype.h: Security Vulnerabilities
A vulnerability was identified in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Manipulation can lead to an out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 2.1
EPSS Score: 0.001
Published: 2026-04-02
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Manipulation results in an out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 2.1
EPSS Score: 0.001
Published: 2026-04-01
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: A third party has disputed this, stating that the source code also has a disclaimer that it should only be used with trusted input.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: A third party has disputed this, stating that the source code also has a disclaimer that it should only be used with trusted input.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: A third party has disputed this, stating that the source code also has a disclaimer that it should only be used with trusted input.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2022-03-17
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2020-01-08
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2020-01-08
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2020-01-08
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2020-01-08
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2020-01-08

