CVE-2025-3408
MEDIUMNothings stb_image.h < 2025-03-14 - Integer Overflow in stb_dupreplace
Title source: llmDescription
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.303686
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.303686
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.544230
Scores
CVSS v3
6.3
EPSS
0.0041
EPSS Percentile
32.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-189
CWE-190
Status
published
Products (1)
nothings/stb_image.h
< 2025-03-14
Published
Apr 08, 2025
Tracked Since
Feb 18, 2026