Nixpkgs security tracker

Untriaged

Permalink CVE-2026-1991

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-344509 | libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference vdb-entrytechnical-description
VDB-344509 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #743388 | libuvc v0.0.7 and master-branch NULL Pointer Dereference third-party-advisory
https://github.com/libuvc/libuvc/issues/300 issue-tracking
https://github.com/oneafter/0104/blob/main/repro exploit
https://github.com/libuvc/libuvc/ product

Affected products

libuvc

==0.0.5
==0.0.1
==0.0.7
==0.0.6
==0.0.2
==0.0.3
==0.0.4

Matching in nixpkgs

pkgs.libuvc

Cross-platform library for USB video devices

nixos-unstable 2020-11-29
- nixpkgs-unstable 2020-11-29
- nixos-unstable-small 2020-11-29
nixos-25.11 2020-11-29
- nixpkgs-25.11-darwin 2020-11-29

Package maintainers

@prusnak Pavol Rusnak <pavol@rusnak.io>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libuvc

Package maintainers