Out-of-Bounds Read in Nothings stb Affecting Remote Functionality
CVE-2025-3407

5.3 MEDIUM

Key Information:

Vendor

Nothings

Status
Vendor
CVE Published: 8 April 2025

What is CVE-2025-3407?

A vulnerability has been identified in Nothings stb, in the function stbhw_build_tileset_from_image, where improper handling of the h_count and v_count arguments can lead to an out-of-bounds read. The issue is exploitable remotely, posing a significant risk to systems that use the affected versions. The product follows a rolling release strategy, which makes it difficult to pinpoint specific version details for patched releases. The vendor has not responded regarding this critical disclosure, leaving users vulnerable.

Affected Version(s)

stb f056911

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ninpwn (VulDB User)