#1135370 libstb: CVE-2026-5316

Package:
src:libstb
Source:
src:libstb
Submitter:
Moritz Mühlenhoff
Date:
2026-05-01 18:37:02 UTC
Severity:
normal
#1135370#5
Date:
2026-05-01 18:20:48 UTC
Hi,

The following vulnerability was published for libstb.

CVE-2026-5316[0]:
| A vulnerability was identified in Nothings stb up to 1.22. The
| impacted element is the function setup_free of the file
| stb_vorbis.c. The manipulation leads to allocation of resources. The
| attack is possible to be carried out remotely. The exploit is
| publicly available and might be used. The vendor was contacted early
| about this disclosure but did not respond in any way.

This does not appear to have been reported upstream:
https://gist.github.com/d0razi/cc7f70bba08c1a455d9933e97b8b57c1


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-5316
https://www.cve.org/CVERecord?id=CVE-2026-5316

Please adjust the affected versions in the BTS as needed.