CVE-2025-3409
CVE-2025-3409 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
A vulnerability classified as critical has been found in Nothings stb up to commit f056911. It affects the function stb_include_string. Manipulation of the argument path_to_includes leads to a stack-based buffer overflow. The attack can be initiated remotely. This product does not use versioning, so information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nothings | Stb Image.H | <= 2.13 |
References
- https://vuldb.com/?ctiid.303687 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.303687 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.544231 (Third Party Advisory, VDB Entry)
Source: NVD / NIST
