Description
NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C.

This issue affects liteide: before x38.4.
Published: 2026-01-27
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a NULL Pointer Dereference in the liteidex/src/3rdparty/libvterm/src module of visualfc LiteIDE. When a program encounters certain out‑of‑memory conditions it fails to guard against a null pointer, which can cause the application to crash. This flaw is a classic instance of CWE‑476 and can be used to trigger a denial of service by terminating the LiteIDE process.

Affected Systems

visualfc LiteIDE versions prior to x38.4 are affected. All program modules screen.C, state.C, and vterm.C may lead to the crash when run under these versions.

Risk and Exploitability

The CVSS score is 6.7, indicating moderate severity, while the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog. No remote exploitation vector is documented, so the risk is chiefly local or for users who run the application in an unmanaged environment. The low EPSS suggests that the likelihood of exploitation is low, but the impact on availability is high if an attacker can force the application to crash.

Generated by OpenCVE AI on April 18, 2026 at 02:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade visualfc LiteIDE to version x38.4 or later.
  • During the upgrade, ensure LiteIDE is closed to avoid data loss.
  • After upgrading, monitor log files for any crash indicators to confirm the vulnerability is fully addressed.

Generated by OpenCVE AI on April 18, 2026 at 02:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Visualfc
Visualfc liteide
Vendors & Products Visualfc
Visualfc liteide

Tue, 27 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
Description NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C. This issue affects liteide: before x38.4.
Title Mishandles certain out-of-memory conditions in visualfc/liteide via liteidex/src/3rdparty/libvterm/src module
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 6.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Amber'}

Subscriptions

Visualfc Liteide
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T20:47:37.939Z

Reserved: 2026-01-27T08:39:10.280Z

Link: CVE-2026-24805

cve-icon Vulnrichment

Updated: 2026-01-27T20:47:33.968Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T09:15:50.607

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24805

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:30:15Z

Weaknesses