Description
improper pointer arithmetic

vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5.
Published: 2026-01-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Immediate Patch
AI Analysis

Impact

This vulnerability involves an improper pointer arithmetic error in ProjectSkyfire SkyFire_548, affecting versions before 5.4.8-stable5. The flaw permits unpredictable manipulation of memory addresses, which could lead to corruption of program data and control structures. The CVE documentation references only the pointer handling inadequacy without specifying the exact consequences, so the potential impact is limited to memory corruption as described.

Affected Systems

All installations of ProjectSkyfire SkyFire_548 running a version earlier than 5.4.8-stable5 are affected. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates a highly severe flaw, and the EPSS score of <1% suggests that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. No explicit attack vector is provided in the description; however, based on the high CVSS score, it is presumed that a compromise could occur remotely or locally if the flaw is triggered, but this is not confirmed by the available data.

Generated by OpenCVE AI on April 18, 2026 at 18:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SkyFire_548 to version 5.4.8-stable5 or later to apply the pointer arithmetic fix.
  • Monitor system logs and performance metrics for signs of abnormal memory usage or crashes that could indicate corruption.
  • Configure the SkyFire_548 process with the least privileges required to run, limiting the potential damage from a memory corruption incident.

Generated by OpenCVE AI on April 18, 2026 at 18:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://github.com/cadaver/turso3d/pull/11 cve-icon cve-icon
History

Wed, 04 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-468
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Projectskyfire
Projectskyfire skyfire 548
Vendors & Products Projectskyfire
Projectskyfire skyfire 548

Tue, 27 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
Description improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5.
Title Pointer arithmetic error in SkyFire_548
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Projectskyfire Skyfire 548
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-02-04T17:56:00.844Z

Reserved: 2026-01-27T15:46:29.599Z

Link: CVE-2026-24872

cve-icon Vulnrichment

Updated: 2026-02-04T17:55:52.545Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T16:16:36.640

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24872

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z

Weaknesses