Vulnerability Description
A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libuvc | Libuvc | <= 0.0.7 |
Related Weaknesses (CWE)
References
- https://github.com/libuvc/libuvc/Product
- https://github.com/libuvc/libuvc/issues/300ExploitVendor Advisory
- https://github.com/oneafter/0104/blob/main/reproProduct
- https://vuldb.com/?ctiid.344509Permissions RequiredVDB Entry
- https://vuldb.com/?id.344509Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.743388ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2026-1991?
CVE-2026-1991 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null point...
How severe is CVE-2026-1991?
CVE-2026-1991 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1991?
Check the references section above for vendor advisories and patch information. Affected products include: Libuvc Libuvc.