CVE-2026-1991 | libuvc up to 0.0.7 UVC Descriptor src/device.c uvc_scan_streaming null pointer dereference (Issue 300)

Inserito da Angelo Barbosa | Feb 5, 2026 | CVE

A vulnerability labeled as problematic has been found in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference.

This vulnerability was named CVE-2026-1991. The attack needs to be approached locally. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1991 | libuvc up to 0.0.7 UVC Descriptor src/device.c uvc_scan_streaming null pointer dereference (Issue 300)

Post correlati

CVE-2024-5955 | Trellix ePolicy Orchestrator up to 5.10 Service Pack 1 Update 2 cross site scripting

CVE-2025-41094 | Global Planning Solutions BOLD Workplanner up to 2.5.24 authorization

CVE-2025-7596 | Tenda FH1205 2.0.0.7(775) /goform/WifiExtraSet formWifiExtraSet wpapsk_crypto stack-based overflow

CVE-2025-12649 | SortTable Post Plugin up to 4.2 on WordPress Shortcode ID cross site scripting