CVE-2026-5313
Denial of Service in stb_image.h GIF Decoder Function
Publication date: 2026-04-01
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nothing | sbt | to 2.30 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the function stbi__gif_load_next within the GIF Decoder component of the stb_image.h library, specifically in versions of Nothings stb up to 2.30.
The issue allows an attacker to manipulate the function in a way that leads to a denial of service (DoS).
The attack can be launched remotely, meaning an attacker does not need local access to exploit this vulnerability.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service condition.
This means that an attacker could cause the affected software or system to become unavailable or unresponsive by exploiting this flaw.
Since the attack can be performed remotely, it could disrupt services or applications that rely on the vulnerable library, potentially affecting availability.