CVE-2026-5315
Received Received - Intake
Out-of-Bounds Read in stb_truetype.h TTF Handler

Publication date: 2026-04-02

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5315
EUVD
EUVD-2026-18109
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nothings stb_truetype.h to 1.26 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5315 is a heap-based out-of-bounds read vulnerability in the function stbtt__buf_get8() within the stb_truetype.h library (version up to 1.26) from the nothings/stb project.

This function reads a single byte from a buffer without properly checking if the read position is within the allocated buffer bounds, which leads to reading memory beyond the buffer (heap buffer overflow).

The vulnerability occurs during the parsing of the Compact Font Format (CFF) table when initializing a font, specifically in the font initialization functions stbtt_InitFont_internal() and stbtt_InitFont().

An attacker can trigger this vulnerability remotely by supplying a specially crafted font file that causes the out-of-bounds read.

Impact Analysis

This vulnerability can lead to an out-of-bounds read of heap memory, which may cause application crashes or undefined behavior.

While the vulnerability does not directly allow code execution or privilege escalation, it can be exploited remotely by providing a malicious font file, potentially leading to denial of service or information disclosure depending on the context in which the vulnerable library is used.

Detection Guidance

This vulnerability can be detected by running a proof-of-concept (PoC) program that triggers the out-of-bounds read in the stb_truetype.h library. The PoC involves loading a specially crafted font file that causes the vulnerable function stbtt__buf_get8() to read beyond the allocated buffer.

To detect the vulnerability on your system, you can compile and run the provided minimal reproduction program with AddressSanitizer enabled. This will help identify the heap-buffer-overflow error caused by the vulnerability.

  • Compile the repro.c program with AddressSanitizer using the command: clang -fsanitize=address -g -O0 repro.c -o repro -lm
  • Run the compiled program with the provided base64-encoded font file (poc.ttf.b64) decoded to trigger the vulnerability.

AddressSanitizer will detect the out-of-bounds read during the font initialization process, indicating the presence of the vulnerability.

Mitigation Strategies

To mitigate the CVE-2026-5315 vulnerability, immediate steps include avoiding the use of vulnerable versions of the stb_truetype.h library (version 1.26 and earlier) when processing untrusted font files.

Since the vulnerability is an out-of-bounds read triggered during font initialization, you should consider validating or sanitizing font inputs before processing them with the affected library.

Additionally, monitor for any updates or patches from the vendor or community that address this issue, and apply them as soon as they become available.

If possible, use runtime memory protection tools such as AddressSanitizer during development and testing to detect and prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5315. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart