CVE-2026-24799

5.2 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber CVSS Calculator

Summary

[none]

Details

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program files inflate.C.

This issue affects dlib: before v19.24.9.

References

https://github.com/davisking/dlib/pull/3063

Affected packages

Git / github.com/davisking/dlib

Affected ranges

Type

GIT

Repo

https://github.com/davisking/dlib

Events

Introduced

Fixed

9c639e3091b8c41bc70621e6b95fdfd6edc46910

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "v19.24.9"
        }
    ]
}

Affected versions

Other

before_dnn_serialization_cleanup

v17.*

v17.39

v17.40

v17.41

v17.42

v17.43

v17.44

v17.45

v17.46

v17.47

v17.48

v17.49

v18.*

v18.0

v18.1

v18.10

v18.11

v18.13

v18.14

v18.15

v18.16

v18.17

v18.2

v18.3

v18.5

v18.6

v18.7

v18.8

v18.9

v19.*

v19.0

v19.1

v19.10

v19.11

v19.12

v19.13

v19.14

v19.15

v19.16

v19.17

v19.18

v19.19

v19.2

v19.20

v19.21

v19.22

v19.23

v19.24

v19.24.2

v19.24.3

v19.24.4

v19.24.5

v19.24.6

v19.24.7

v19.24.8

v19.3

v19.4

v19.5

v19.6

v19.7

v19.8

v19.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24799.json"