libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference_CVE-2026-1991

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-1991

Source VulDB

Published Feb 6, 2026 at 05:32

Affected Product

Vendor n/a

Product libuvc

Version 0.0.1

Affected Versions n/a libuvc 0.0.1
n/a libuvc 0.0.2
n/a libuvc 0.0.3
n/a libuvc 0.0.4
n/a libuvc 0.0.5
n/a libuvc 0.0.6
n/a libuvc 0.0.7

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-06T05:32:08.140Z",
    "modified": "2026-02-06T05:32:08.140Z",
    "type": "cve",
    "title": "libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344509\nhttps://vuldb.com/?ctiid.344509\nhttps://vuldb.com/?submit.743388\nhttps://github.com/libuvc/libuvc/issues/300\nhttps://github.com/oneafter/0104/blob/main/repro\nhttps://github.com/libuvc/libuvc/",
    "id": "CVE-2026-1991",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "n/a libuvc 0.0.1\nn/a libuvc 0.0.2\nn/a libuvc 0.0.3\nn/a libuvc 0.0.4\nn/a libuvc 0.0.5\nn/a libuvc 0.0.6\nn/a libuvc 0.0.7",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "libuvc",
    "version": "0.0.1",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}