How severe is CVE-2025-3407?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-3407?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2025-3407 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2013-3245

MEDIUM

CVSS:6.3(Medium)

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a ...

CWE-1192013

CVE-2016-1176

MEDIUM

CVSS:6.3(Medium)

Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page.

CWE-1192016

CVE-2016-1628

MEDIUM

CVSS:6.3(Medium)

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of ser...

CWE-1192016

CVE-2016-1737

MEDIUM

CVSS:6.3(Medium)

Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.

CWE-1192016

CVE-2016-2837

MEDIUM

CVSS:6.3(Medium)

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remot...

CWE-1192016

CVE-2016-5728

MEDIUM

CVSS:6.3(Medium)

Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memo...

CWE-1192016