CVE-2026-47104

Source
https://cve.org/CVERecord?id=CVE-2026-47104
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47104.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47104
Downstream
Published
2026-05-27T13:20:44.432Z
Modified
2026-07-08T08:13:38.789952244Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()
Details

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusbgetactiveinterfaceassociationdescriptors or libusbgetinterfaceassociation_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47104.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-125"
    ]
}
References

Affected packages

Git / github.com/libusb/libusb

Affected ranges

Type
GIT
Repo
https://github.com/libusb/libusb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:libusb:libusb:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.30"
        }
    ]
}

Affected versions

Other
academic-demo
v0.*
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.10-rc1
v1.0.11
v1.0.11-rc1
v1.0.12
v1.0.12-rc1
v1.0.13
v1.0.13-rc1
v1.0.13-rc2
v1.0.14
v1.0.15
v1.0.15-rc1
v1.0.15-rc2
v1.0.15-rc3
v1.0.16
v1.0.16-rc1
v1.0.16-rc2
v1.0.16-rc3
v1.0.17
v1.0.17-rc1
v1.0.18
v1.0.18-rc1
v1.0.19
v1.0.19-rc1
v1.0.19-rc2
v1.0.2
v1.0.20
v1.0.20-rc1
v1.0.20-rc2
v1.0.20-rc3
v1.0.21
v1.0.21-rc1
v1.0.21-rc2
v1.0.21-rc3
v1.0.21-rc4
v1.0.21-rc5
v1.0.21-rc6
v1.0.22
v1.0.22-rc1
v1.0.22-rc2
v1.0.22-rc3
v1.0.22-rc4
v1.0.23
v1.0.23-rc1
v1.0.23-rc2
v1.0.23-rc3
v1.0.24
v1.0.24-rc1
v1.0.25
v1.0.25-rc1
v1.0.26
v1.0.26-rc1
v1.0.27
v1.0.27-rc1
v1.0.27-rc2
v1.0.28
v1.0.28-rc1
v1.0.29
v1.0.3
v1.0.30-rc1
v1.0.30-rc2
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.0.9-rc4
v1.0.9-rc5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47104.json"