Fabre

#1134618 libstb: CVE-2026-5185 #1134618

Package:: src:libstb

Source:: src:libstb

Submitter:: Moritz Mühlenhoff

Date:: 2026-04-25 11:53:01 UTC

Severity:: normal

Tags:

#1134618#5

Date:: 2026-04-22 10:38:07 UTC

From:

To:

Hi,

The following vulnerability was published for libstb.

CVE-2026-5185[0]:
| A security flaw has been discovered in Nothings stb_image up to
| 2.30. This affects the function stbi__gif_load_next of the file
| stb_image.h of the component Multi-frame GIF File Handler. The
| manipulation results in heap-based buffer overflow. The attack
| requires a local approach. The exploit has been released to the
| public and may be used for attacks. The vendor was contacted early
| about this disclosure but did not respond in any way.

https://github.com/nothings/stb/issues/1916


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-5185
https://www.cve.org/CVERecord?id=CVE-2026-5185

Please adjust the affected versions in the BTS as needed.

#1134618 libstb: CVE-2026-5185 #1134618

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)