PT-2026-39852 · Libcaca+2
Gh05T-1337 +2 · Published 2026-05-11 · Updated 2026-05-28 · CVE-2026-42046
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libcaca versions 0.99.beta20 and earlier
Description
An integer overflow in the canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format. Depending on the build configuration and memory allocator, this may lead to memory corruption or remote code execution.
Recommendations
Apply the fix provided in commit fb77acff9ba6bb01d53940da34fb10f20b156a23.
Exploit
Fix
RCE
Integer Overflow
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Libcaca