CVE-2025-3408— Nothings stb stb_dupreplace integer overflow
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-3408
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nothings stb stb_dupreplace integer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
stb 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
stb是Sean Barrett个人开发者的一个用于C/C++的stb单文件公共域库。 stb存在安全漏洞,该漏洞源于 stb_dupreplace函数的输入验证不足,可能导致远程攻击者执行恶意操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-3408
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-3408
请登录查看更多情报信息。
Same Patch Batch · Nothings · 2025-04-08 · 4 CVEs total
| CVE-2025-3409 | 6.3 MEDIUM | Nothings stb stb_include_string stack-based overflow |
| CVE-2025-3407 | 6.3 MEDIUM | Nothings stb stbhw_build_tileset_from_image out-of-bounds |
| CVE-2025-3406 | 4.3 MEDIUM | Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds |
IV. Related Vulnerabilities
Same product: stb
- CVE-2026-5317
Nothings stb stb_vorbis.c start_decoder out-of-bounds write - CVE-2026-5316
Nothings stb stb_vorbis.c setup_free allocation of resources - CVE-2026-5315
Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of- - CVE-2026-5314
Nothings stb TTF File stb_truetype.h stbtt_InitFont_internal - CVE-2026-5313
Nothings stb GIF Decoder stb_image.h stbi__gif_load_next den
Same vendor: Nothings
- CVE-2026-5317
Nothings stb stb_vorbis.c start_decoder out-of-bounds write - CVE-2026-5316
Nothings stb stb_vorbis.c setup_free allocation of resources - CVE-2026-5315
Nothings stb TTF File stb_truetype.h stbtt__buf_get8 out-of- - CVE-2026-5314
Nothings stb TTF File stb_truetype.h stbtt_InitFont_internal - CVE-2026-5313
Nothings stb GIF Decoder stb_image.h stbi__gif_load_next den
Same weakness: CWE-190
- CVE-2026-7568
Signed integer overflow in metaphone() - CVE-2026-42311
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Ove - CVE-2026-42308
Pillow: Integer overflow when processing fonts - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-42199
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-AP
V. Comments for CVE-2025-3408
No comments yet