Nixpkgs Security Tracker

Permalink CVE-2026-1991

updated 1 week, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 1 day ago
@LeSuisse accepted 2 weeks ago
@LeSuisse published on GitHub 1 week, 6 days ago

libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

libuvc

==0.0.4
==0.0.2
==0.0.5
==0.0.6
==0.0.7
==0.0.3
==0.0.1

Matching in nixpkgs

pkgs.libuvc

Cross-platform library for USB video devices

nixos-unstable 2020-11-29
- nixpkgs-unstable 2020-11-29
- nixos-unstable-small 2020-11-29
nixos-25.11 2020-11-29
- nixos-25.11-small 2020-11-29
- nixpkgs-25.11-darwin 2020-11-29

Package maintainers

@prusnak Pavol Rusnak <pavol@rusnak.io>

Upstream issue: https://github.com/libuvc/libuvc/issues/300

Suggestions search

Affected products

Matching in nixpkgs

pkgs.libuvc

Package maintainers