Nothings
By the Year
In 2026 there have been 0 vulnerabilities in Nothings. Nothings did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 16 | 7.39 |
| 2022 | 5 | 7.16 |
| 2021 | 2 | 6.30 |
| 2020 | 7 | 0.00 |
| 2019 | 2 | 0.00 |
| 2018 | 1 | 8.80 |
An average of 0.00 next to a non-zero count (2019, 2020) means no severity score is recorded for those entries, not that they were rated harmless.
It may take a day or so for new Nothings vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name (for Nothings, usually the individual stb header such as stb_image or stb_vorbis).
Recent Nothings Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2023-43281 | Oct 25, 2023 | Double free in stb_image.h 2.28 via `stbi_load_gif_main`. A double-free vulnerability in Nothings stb_image.h v2.28 allows a remote attacker to cause a denial of service via a crafted file passed to the `stbi_load_gif_main` function. | stb_image.h |
| CVE-2023-45667 | Oct 21, 2023 | stb_image NULL pointer crash in GIF load. stb_image is a single-file MIT-licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may leave the `z` variable uninitialized. If the caller also set the flip-vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null result and the uninitialized `z` value. This may result in a program crash. | stb_image |
| CVE-2023-45681 | Oct 21, 2023 | Integer overflows in stb_vorbis: heap buffer overflow in `start_decoder`. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger a memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)`, which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow, an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | stb_vorbis |
| CVE-2023-45666 | Oct 21, 2023 | Memory leak / double free in stb_image GIF loader (`stbi__load_gif_main`). stb_image is a single-file MIT-licensed library for processing images. It may look as if `stbi__load_gif_main` gives no guarantees about the content of the output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it does not do so if the image is not recognized as a GIF, and a call to `stbi__load_gif_main_outofmem` only frees any memory allocated in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible for freeing the memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, the function may also return a null value but fail to free the memory in `*delays` if `stbi__convert_format` is called internally and fails. Thus the issue may lead to a memory leak if the caller frees `delays` only when `stbi__load_gif_main` did not fail, or to a double free if `delays` is always freed. | stb_image |
| CVE-2023-45680 | Oct 21, 2023 | stb_vorbis DoS via NULL dereference in decoder. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger a memory allocation failure in `start_decoder`. In that case the function returns early, `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later, `vorbis_deinit` tries to dereference the `NULL` pointer. This issue may lead to denial of service. | stb_vorbis |
| CVE-2023-45682 | Oct 21, 2023 | stb_vorbis Ogg decode out-of-bounds read leaks memory. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds read in the `DECODE` macro when `var` is negative. As can be seen in the definition of `DECODE_RAW`, a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. | stb_vorbis |
| CVE-2023-45677 | Oct 21, 2023 | stb_vorbis: OOB write via negative `len` in vendor field, possible code execution. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that the `len` read in `start_decoder` may be a negative number; `setup_malloc` still allocates memory successfully in that case, but the write is then done with the negative index `len`. Similarly, if `len` is INT_MAX, the integer overflow in `len+1` happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | stb_vorbis |
| CVE-2023-45679 | Oct 21, 2023 | stb_vorbis memory allocation failure in `start_decoder` enables code execution. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger a memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left uninitialized, and `setup_free` is later called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | stb_vorbis |
| CVE-2023-45676 | Oct 21, 2023 | stb_vorbis: OOB write via `setup_malloc` overflow. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`: a sufficiently large value in the variable `sz` overflows in `sz+7`, and the resulting negative value passes the maximum-available-memory check. This issue may lead to code execution. | stb_vorbis |
| CVE-2023-45675 | Oct 21, 2023 | OOB write in stb_vorbis `setup_malloc` may allow code execution. stb_vorbis is a single-file MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when passed to `setup_malloc`. `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated: instead of returning `NULL` as in the `malloc` case, it advances the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. | stb_vorbis |
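The stb_vorbis rows above share a handful of root causes: a length field read from the file is treated as a signed `int` (so `-1` or `INT_MAX` slips through), the allocation size is computed before the length is bounded (so `len+1`, `sz+7` or `sizeof(char*) * count` wraps), and cleanup after a failed allocation trusts a counter or pointer slots that were never initialized. The C program below is an added example written for this page, not code from stb_vorbis or stb_image; its struct, function names (`read_string`, `parse_comment_header`, `free_comment_header`, `demo_parse_count`) and size caps are assumptions. It parses a Vorbis-style comment header (a vendor string followed by a counted list of length-prefixed strings) with each check placed where it closes one of those bugs. Its failure contract, that on error the header is left zeroed with nothing leaked, is also the guarantee whose absence around `*delays` produced the leak/double-free in CVE-2023-45666.

```c
/* Added example (not stb code): a hardened comment-header parser that
 * closes the bug classes listed in the CVE table above. Names, caps and
 * the struct layout are assumptions made for this illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STRING_LEN    (1u << 20)  /* assumed policy cap: 1 MiB per string     */
#define MAX_COMMENT_COUNT (1u << 12)  /* assumed policy cap: 4096 comment strings */

typedef struct {
    char *vendor;
    char **comment_list;
    uint32_t comment_list_length;     /* counts only slots actually filled */
} comment_header;

typedef struct { const uint8_t *p, *end; } reader;

/* Little-endian u32; returns 0 if fewer than 4 bytes remain. */
static int read_u32(reader *r, uint32_t *out) {
    if ((size_t)(r->end - r->p) < 4) return 0;
    *out = (uint32_t)r->p[0] | ((uint32_t)r->p[1] << 8) |
           ((uint32_t)r->p[2] << 16) | ((uint32_t)r->p[3] << 24);
    r->p += 4;
    return 1;
}

/* Length-prefixed string -> fresh NUL-terminated heap buffer, or NULL.
 * len is unsigned, so 0xFFFFFFFF is a huge count rather than -1 (CVE-2023-45675,
 * -45677); it is capped before len + 1 or any alignment rounding such as sz + 7
 * is computed, so neither can wrap (CVE-2023-45676, -45677); and the bytes must
 * really be present in the input before anything is copied. */
static char *read_string(reader *r, uint32_t max_len) {
    uint32_t len;
    if (!read_u32(r, &len) || len > max_len) return NULL;
    if ((size_t)(r->end - r->p) < len) return NULL;   /* truncated input */
    char *s = malloc((size_t)len + 1);                /* no wrap: len <= max_len */
    if (!s) return NULL;
    memcpy(s, r->p, len);
    s[len] = '\0';
    r->p += len;
    return s;
}

/* Safe on a partially built header: comment_list_length never exceeds the
 * number of filled slots (CVE-2023-45679) and is 0 whenever comment_list is
 * NULL (CVE-2023-45680). Leaves *h zeroed so a second call is harmless. */
void free_comment_header(comment_header *h) {
    for (uint32_t i = 0; i < h->comment_list_length; i++) free(h->comment_list[i]);
    free(h->comment_list);
    free(h->vendor);
    memset(h, 0, sizeof *h);
}

/* Returns 1 on success; on failure returns 0 with *h zeroed and nothing leaked. */
int parse_comment_header(const uint8_t *buf, size_t n, comment_header *h) {
    reader r = { buf, buf + n };
    uint32_t count;
    memset(h, 0, sizeof *h);
    h->vendor = read_string(&r, MAX_STRING_LEN);
    if (!h->vendor) goto fail;
    if (!read_u32(&r, &count) || count > MAX_COMMENT_COUNT) goto fail;
    /* count is bounded before the multiply, so sizeof(char*) * count cannot
     * overflow into an undersized allocation (CVE-2023-45681); calloc also
     * zeroes every slot, so no garbage pointer can ever reach free(). */
    h->comment_list = calloc(count ? count : 1, sizeof(char *));
    if (!h->comment_list) goto fail;
    for (uint32_t i = 0; i < count; i++) {
        if (!(h->comment_list[i] = read_string(&r, MAX_STRING_LEN))) goto fail;
        h->comment_list_length = i + 1;
    }
    return 1;
fail:
    free_comment_header(h);
    return 0;
}

/* Constructed sample inputs for this example (not real Vorbis files). */
const uint8_t good_header[]       = { 3,0,0,0,'s','t','b', 2,0,0,0, 3,0,0,0,'a','=','1', 2,0,0,0,'b','b' };
const uint8_t neg_len_header[]    = { 0xFF,0xFF,0xFF,0xFF };                  /* len == -1 as int32     */
const uint8_t intmax_len_header[] = { 0xFF,0xFF,0xFF,0x7F };                  /* len == INT_MAX         */
const uint8_t huge_count_header[] = { 1,0,0,0,'v', 0xFF,0xFF,0xFF,0xFF };     /* count would wrap * 8   */
const uint8_t truncated_header[]  = { 1,0,0,0,'v', 1,0,0,0, 9,0,0,0,'x' };    /* declares 9 bytes, has 1 */

/* Parse, then free; returns the comment count, or -1 if the input was rejected. */
int demo_parse_count(const uint8_t *buf, size_t n) {
    comment_header h;
    int ok = parse_comment_header(buf, n, &h);
    int count = ok ? (int)h.comment_list_length : -1;
    free_comment_header(&h);
    return count;
}

int main(void) {
    printf("good=%d neg=%d intmax=%d huge=%d truncated=%d\n",
           demo_parse_count(good_header, sizeof good_header),
           demo_parse_count(neg_len_header, sizeof neg_len_header),
           demo_parse_count(intmax_len_header, sizeof intmax_len_header),
           demo_parse_count(huge_count_header, sizeof huge_count_header),
           demo_parse_count(truncated_header, sizeof truncated_header));
    return 0;
}
```

Build with `cc -std=c99 -Wall -fsanitize=address,undefined example.c` and run it: the well-formed header yields two comments, and the `-1`, `INT_MAX`, oversized-count and truncated inputs are all rejected before any allocation is sized from attacker data. The ordering is the point: bound the length, then check the bytes exist, then compute the size, and only then allocate; on any failure, free exactly what the counter says was filled and zero the owner so the caller cannot double free.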