CVE-2026-33851
Description
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issue affects doslib: before doslib-20250729.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in doslib's cloned functions allows arbitrary code execution; fixed in doslib-20250729.
Root Cause
CVE-2026-33851 is a memory buffer vulnerability in joncampbell123/doslib, specifically in cloned functions sourced from knik0/faad2 (CVE-2019-15296). The issue stems from improper restriction of operations within memory bounds, leading to a classic buffer overflow.
Exploitation
An attacker can trigger the overflow by crafting malicious input that is processed by the vulnerable cloned functions. The vulnerability requires no specific privileges beyond the ability to supply data to the affected library component. Successful exploitation can corrupt memory, potentially leading to arbitrary code execution.
Impact
The vulnerability has a CVSS v3 score of 7.8 (High), indicating serious consequences such as code execution, data corruption, or denial of service. The attack surface includes any application or service that uses the doslib library to process untrusted input.
Mitigation
The issue is resolved in doslib-20250729 via a patch applied in pull request #65 [1]. Users must update to the latest version to eliminate the risk.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- joncampbell123/doslib v5 Range: 0
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.