CVE-2026-47104

ADVISORY - nist

Summary

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

EPSS Score⁠: 0.00011 (0.015)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-125⁠

Out-of-bounds Read

Impacted images

Advisories

NIST

CREATED

5 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-47104⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-125⁠

CVSS SCORE

5.1medium

Alpine

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-47104⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 hours ago

UPDATED

2 hours ago

ADVISORY IDCVE-2026-47104⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-47104⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-fg8v-hvj7-8fgp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY