Description
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
Published: 2026-06-09
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA DALI contains a component that suffers a heap‑based buffer overflow. An attacker could trigger the overflow by supplying crafted data to the component, potentially resulting in memory corruption. If successful, the attacker may execute arbitrary code, tamper with data, cause denial of service, or disclose sensitive information. This vulnerability maps to CWE‑122 and threatens the confidentiality, integrity and availability of systems that use the library.

Affected Systems

The affected vendor is NVIDIA, product DALI. No specific version ranges are listed in the advisory; systems running any unpatched versions of NVIDIA DALI are potentially vulnerable. Administrators should verify the installed DALI version and apply the vendor's update once available.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity. Without an EPSS score, the exact exploitation probability is unknown, but the absence from the KEV catalog suggests no confirmed widespread exploitation yet. The CVSS vector (AV:L/AC:L/PR:L/UI:R) describes a local attack that requires low privileges and user interaction, so the attacker must be able to supply input to the affected component. For systems that expose DALI to untrusted input, the risk of exploitation is significant; for isolated environments, the potential impact is lower.

Generated by OpenCVE AI on June 9, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest NVIDIA DALI release that contains the buffer overflow fix.
  • If an upgrade is not possible immediately, restrict the component’s privileges, run it in a sandboxed environment, and block untrusted input sources.
  • Implement strict input validation on data passed to DALI to enforce bounds and prevent oversized payloads.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 09 Jun 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Heap‑based Buffer Overflow in NVIDIA DALI Allows Potential Remote Code Execution |
| First Time appeared | | Nvidia; Nvidia dali |
| Vendors & Products | | Nvidia; Nvidia dali |

Tue, 09 Jun 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-06-09T23:39:14.072Z

Reserved: 2026-01-21T19:09:31.779Z

Link: CVE-2026-24180

Vulnrichment

Updated: 2026-06-09T18:26:46.562Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:02.657

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-24180

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T17:30:10Z

Weaknesses