Vulnerability Summary Vulnerability Overview Vulnerability Name: Nothing's stb up to 2.30 GIF Decoder stb_image.h stbi__gif_load_next denial of service CVE ID: CVE-2026-5313 CVSS Score: VulDB Meta Temp Score: 3.9 VulDB Base Score: 4.3 VulDB Temp Score: 3.9 CWE ID: CWE-404 (Resource Leak) Vulnerability Description: A denial of service (DoS) vulnerability was discovered in the function within the file of Nothing's stb library. This vulnerability allows for DoS via manipulation of unknown inputs. Remote exploitation is possible without authentication. A Proof-of-Concept (PoC) currently exists. Affected Products Vendor: Nothing's Product Name: stb Affected Versions: 2.0 through 2.30 (including all listed versions such as 2.0, 2.1, 2.2, ..., 2.30) Mitigation Vendor Recommendation: No known mitigations are currently available. Recommended Action: It is recommended to replace the affected component with an alternative product. Exploitation Status (POC/Exploit) The page indicates the vulnerability status as Proof-of-Concept. The "Submit info" section references a related submission: , indicating the existence of exploit code (Use After Free), although the primary classification remains DoS.