VYPR
Vendor

Libuvc

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2026-0708HigMar 17, 2026
    risk 0.47cvss 8.3epss 0.00

    A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when…

  • CVE-2026-1991LowFeb 6, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now…

  • CVE-2024-24806Feb 7, 2024
    risk 0.00cvss epss 0.02

    libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be…

  • CVE-2020-8252Sep 18, 2020
    risk 0.00cvss epss 0.01

    The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

  • CVE-2014-9748Feb 11, 2020
    risk 0.00cvss epss 0.03

    The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by…

  • CVE-2015-0278May 18, 2015
    risk 0.00cvss epss 0.03

    libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.