vulnerability

Debian: CVE-2025-3408: libstb -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 8, 2025

Added

May 15, 2025

Modified

Mar 30, 2026

Description

A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Solution

no-fix-debian-deb-package

References

CVE-2025-3408
https://attackerkb.com/topics/CVE-2025-3408
CWE-190
EUVD-EUVD-2025-10090
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-10090

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report