CVE-2026-5185 | Nothings stb_image up to 2.30 Multi-frame GIF File stb_image.h stbi__gif_load_next heap-based overflow

Inserito da Angelo Barbosa | Mar 30, 2026 | CVE

A vulnerability labeled as critical has been found in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow.

This vulnerability is reported as CVE-2026-5185. The attack requires a local approach. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5185 | Nothings stb_image up to 2.30 Multi-frame GIF File stb_image.h stbi__gif_load_next heap-based overflow

Post correlati

CVE-2023-50572 | jline-groovy 3.24.1 GroovyEngine.execute resource consumption

CVE-2025-46391 | Emby MediaBrowser 4.9.0.35 access control

CVE-2025-53573 | jegtheme Epic Review Plugin up to 1.0.2 on WordPress cross site scripting

CVE-2026-4959 | OpenBMB XAgent 1.0.0 ShareServer WebSocket Endpoint share.py check_user interaction_id missing authentication