How severe is CVE-2025-3406?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-3406?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2025-3406

MEDIUM Year: 2025

CVSS v3 Score

4.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-119

View all →

Vulnerability Description

A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2015-7115

MEDIUM

CVSS:4.3(Medium)

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML doc...

CWE-1192015

CVE-2015-7116

MEDIUM

CVSS:4.3(Medium)

CWE-1192015

CVE-2016-1626

MEDIUM

CVSS:4.3(Medium)

The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a ...

CWE-1192016

CVE-2016-1957

MEDIUM

CVSS:4.3(Medium)

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers...

CWE-1192016

CVE-2016-5400

MEDIUM

CVSS:4.3(Medium)

Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driver in the Linux kernel before 4.7 allows local users to cause a denial of service (memory consumptio...

CWE-1192016

CVE-2016-8030

MEDIUM

CVSS:4.3(Medium)

A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer ...

CWE-1192016

CVE-2025-3406

Vulnerability Description

Related Vulnerabilities

CVE-2015-7115

CVE-2015-7116

CVE-2016-1626

CVE-2016-1957

CVE-2016-5400

CVE-2016-8030