Cyber Resilience

CVE-2026-5315

LowPublic PoC

Published: 02 April 2026

Published
02 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0051 39.2th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2026-5315 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Nothings Stb Truetype.H. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5315 is an out-of-bounds read vulnerability affecting Nothings' stb library up to version 1.26. The issue resides in the stbtt__buf_get8 function within the stb_truetype.h file of the TTF File Handler component. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-125 (Out-of-bounds Read), with a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

The vulnerability enables remote exploitation without requiring attacker privileges, though it demands user interaction. An attacker can craft a malicious TTF file that, when processed by an affected application using the stb library, triggers the out-of-bounds read, potentially resulting in a low-impact denial of service such as application crashes.

Advisories from VulDB indicate that the vendor was contacted early about the disclosure but provided no response, and no patches or mitigations have been issued. An exploit has been publicly disclosed via a GitHub Gist.

The exploit's public availability increases the risk of utilization in targeted attacks against applications relying on stb for TTF parsing.

EU & UK References

Vulnerability details

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed…

more

remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds read vulnerability exploitable via malicious TTF files causes application crashes (DoS), directly enabling application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5314Same product: Nothings Stb Truetype.H
CVE-2026-2659Shared CWE-119, CWE-125
CVE-2026-3663Shared CWE-119, CWE-125
CVE-2026-3386Shared CWE-119, CWE-125
CVE-2026-3731Shared CWE-119, CWE-125
CVE-2026-2858Shared CWE-119, CWE-125
CVE-2026-5317Same vendor: Nothings
CVE-2026-2644Shared CWE-119, CWE-125
CVE-2026-2662Shared CWE-119, CWE-125
CVE-2025-21598Shared CWE-125

Affected Assets

nothings
stb truetype.h
≤ 1.26

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely remediation of identified flaws, directly addressing the unpatched out-of-bounds read vulnerability in the stb library by mandating updates, replacements, or alternative mitigations.

prevent

SI-16 implements memory protection safeguards such as ASLR and DEP that prevent exploitation of out-of-bounds read vulnerabilities like the one in stbtt__buf_get8.

prevent

SI-10 enforces input validation to reject malformed TTF files, reducing the likelihood of triggering the out-of-bounds read in the stb TTF parser.

References