UBUNTU-CVE-2026-1991

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-1991

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-1991

Upstream

CVE-2026-1991

Published

2026-02-06T06:15:00Z

Modified

2026-05-20T16:24:08.416262082Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvcscanstreaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Ubuntu:18.04:LTS

libuvc

Package

Name: libuvc
Purl: pkg:deb/ubuntu/libuvc?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libuvc0",
            "binary_version": "0.0.6-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json"

Ubuntu:20.04:LTS

libuvc

Package

Name: libuvc
Purl: pkg:deb/ubuntu/libuvc?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libuvc0",
            "binary_version": "0.0.6-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json"

Ubuntu:22.04:LTS

libuvc

Package

Name: libuvc
Purl: pkg:deb/ubuntu/libuvc?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.6-1.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libuvc0",
            "binary_version": "0.0.6-1.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json"

Ubuntu:24.04:LTS

libuvc

Package

Name: libuvc
Purl: pkg:deb/ubuntu/libuvc?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.6-2

0.0.7-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libuvc0",
            "binary_version": "0.0.7-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json"

Ubuntu:25.10

libuvc

Package

Name: libuvc
Purl: pkg:deb/ubuntu/libuvc?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.7-2

0.0.7-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libuvc0",
            "binary_version": "0.0.7-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json"

Ubuntu:26.04:LTS

libuvc

Package

Name: libuvc
Purl: pkg:deb/ubuntu/libuvc?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.7-3

0.0.7-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libuvc0",
            "binary_version": "0.0.7-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-1991.json"