PT-2026-35056 · Zserio · Zserio
Ryujiyasu · Published 2026-04-24 · Updated 2026-04-25 · CVE-2026-33666
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Zserio versions prior to 2.18.1
Description
An issue exists in the readBytes() and readString() functions within BitStreamReader.h where the setBitPosition() bounds check receives an overflowed value and is bypassed. This allows the system to attempt reading 512 MB of data from a buffer that is only a few bytes long, resulting in a segmentation fault, which is a crash caused by attempting to access a memory location that the program is not allowed to access.
Recommendations
Update to version 2.18.1.
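Added illustration, not Zserio's code: a minimal sketch of how a bit-position bounds check like the one in the description can be bypassed by an overflowed value, next to a form that cannot wrap. It assumes a 32-bit bit position and a byte length converted to bits with `* 8`; `ReaderState` and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical reader state (assumption, not Zserio's BitStreamReader).
struct ReaderState
{
    uint32_t bitPos;        // current read position, in bits
    uint32_t bufferBitSize; // total buffer size, in bits
};

// The bounds check itself is sound: it rejects positions past the buffer end.
bool positionInBounds(const ReaderState& s, uint32_t newBitPos)
{
    return newBitPos <= s.bufferBitSize;
}

// Flawed pattern: the target position is computed in 32-bit arithmetic.
// For len = 0x20000000 (512 MB), len * 8 is 2^32, which wraps to 0, so the
// check sees the current position and accepts the read.
bool canReadBytesUnchecked(const ReaderState& s, uint32_t len)
{
    const uint32_t newBitPos = s.bitPos + len * 8U; // wraps modulo 2^32
    return positionInBounds(s, newBitPos);
}

// Hardened pattern: widen to 64 bits before multiplying and adding, so the
// value compared against the buffer size is the true target position.
bool canReadBytesChecked(const ReaderState& s, uint32_t len)
{
    const uint64_t newBitPos =
        static_cast<uint64_t>(s.bitPos) + static_cast<uint64_t>(len) * 8U;
    return newBitPos <= s.bufferBitSize;
}

int main()
{
    // Constructed sample: 4-byte buffer, first byte already consumed.
    const ReaderState s{8U, 32U};
    const uint32_t hugeLen = 0x20000000U; // 512 MB length field

    std::printf("unchecked accepts 512 MB read: %d\n", canReadBytesUnchecked(s, hugeLen));
    std::printf("checked accepts 512 MB read:   %d\n", canReadBytesChecked(s, hugeLen));
    std::printf("checked accepts 3-byte read:   %d\n", canReadBytesChecked(s, 3U));
    return 0;
}
```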
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Zserio