CVE-2026-1991 - Vulnerability Details

- libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference

Description

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-02-06

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A null pointer dereference occurs in the uvc_scan_streaming function of libuvc version 0.0.7 or earlier, allowing a local attacker to cause a crash when scanning USB video device descriptors. The defect can be leveraged by manipulating camera input data, leading to an application termination or system instability. Because the exploit is publicly available, local systems that rely on libuvc are at risk of denial of service.

Affected Systems

The vulnerability affects the libuvc library, specifically versions up to and including 0.0.7. Systems that integrate libuvc for USB video device handling—such as applications or services that depend on this library for camera support—are impacted. No specific vendor release notes are available yet, and the issue is reported in the libuvc project’s issue tracker.

Risk and Exploitability

The CVSS score of 4.8 places the vulnerability in the moderate range, while the EPSS score of less than 1% indicates a very low probability of exploitation in the wider field. The exploit requires local access and is not included in CISA’s KEV catalog. The attack vector is inferred to be local because the vulnerability is triggered by USB device interaction that a local attacker can control. Consequently, the risk is primarily for environments where USB cameras are enabled for local users or services.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

libuvc

affected

Version	Status	Constraints
`0.0.1`	affected	—
`0.0.2`	affected	—
`0.0.3`	affected	—
`0.0.4`	affected	—
`0.0.5`	affected	—
`0.0.6`	affected	—
`0.0.7`	affected	—

Configuration 1 [-]

cpe:2.3:a:libuvc:libuvc:*:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Libuvc	Uvc Descriptor Handler	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the libuvc repository or vendor site for a newer release that addresses the null pointer dereference; if a fixed version exists, upgrade immediately.
If no patch is available, restrict USB camera access to trusted users only by configuring udev rules or system policies, or disable camera devices in environments where they are not needed.
Keep the system and any dependent applications regularly patched and monitor the libuvc issue tracker for updates or workarounds.

Generated by OpenCVE AI on April 18, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/libuvc/libuvc/
https://github.com/libuvc/libuvc/issues/300
https://github.com/oneafter/0104/blob/main/repro
https://vuldb.com/?ctiid.344509
https://vuldb.com/?id.344509
https://vuldb.com/?submit.743388

History

Thu, 05 Mar 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libuvc libuvc
CPEs		cpe:2.3:a:libuvc:libuvc::::::::
Vendors & Products		Libuvc libuvc

Fri, 06 Feb 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libuvc Libuvc uvc Descriptor Handler
Vendors & Products		Libuvc Libuvc uvc Descriptor Handler

Fri, 06 Feb 2026 05:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		libuvc UVC Descriptor device.c uvc_scan_streaming null pointer dereference
Weaknesses		CWE-404 CWE-476
References		https://github.com/libuvc/libuvc/ https://github.com/libuvc/libuvc/issues/300 https://github.com/oneafter/0104/blob/main/repro https://vuldb.com/?ctiid.344509 https://vuldb.com/?id.344509 https://vuldb.com/?submit.743388
Metrics		cvssV2_0 `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Libuvc Libuvc Uvc Descriptor Handler

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-06T05:32:08.140Z

Updated: 2026-02-23T09:21:46.700Z

Reserved: 2026-02-05T15:43:47.726Z

Link: CVE-2026-1991

Vulnrichment

Updated: 2026-02-06T20:25:04.952Z

NVD

Status : Analyzed

Published: 2026-02-06T06:15:50.240

Modified: 2026-03-05T20:58:50.327

Link: CVE-2026-1991

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T18:30:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object