Out-of-Bounds Read Vulnerability in Nothings stb Header Array Handler
CVE-2025-3406

5.3MEDIUM

Key Information:

Vendor

Nothings

Status
Stb
Vendor
CVE Published:
8 April 2025

What is CVE-2025-3406?

A vulnerability exists in the Nothings stb, specifically in the stbhw_build_tileset_from_image function of the Header Array Handler. This issue allows for an out-of-bounds read due to improper handling of the width argument, potentially leading to data leakage or unauthorized access to sensitive information. The vulnerability can be exploited remotely, and because Nothings utilizes a rolling release model, specific version details of affected or patched releases are not disclosed. Nothings has not responded to early disclosures regarding this security concern.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

stb f056911

References

https://vuldb.com/?id.303684
vdb-entrytechnical-description
https://vuldb.com/?ctiid.303684
signaturepermissions-required
https://vuldb.com/?submit.544226
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ninpwn (VulDB User)
JSON
.