CVE-2026-5315

medium Red Hat
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.2%
Exploitation probability in 30 days
Top 60% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
None
Integrity
None
Availability
High
Published: April 1, 2026 (99 days ago)
Last Modified: April 1, 2026
Vendor: Red Hat
Source: REDHAT

Description

A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE

CWE-125

References