PT-2026-44089 · Pam Usb · Pam Usb

Mcdope · Published 2026-05-27 · Updated 2026-05-27 · CVE-2026-48065

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

pam_usb versions prior to 0.9.1

Description

In the src/conf.c file, heap memory is allocated proportional to n_devices, a count derived from libxml2 XPath evaluation of the configuration file, without enforcing an upper bound. On 32-bit targets such as armv7l and i686, the multiplication of n_devices by sizeof(t_pusb_device) can wrap around size_t, resulting in xmalloc() receiving a very small size. Since xmalloc() only triggers an abort on a NULL return, a small-but-non-NULL allocation is accepted, leading to a heap-based buffer overflow during subsequent array writes.

Recommendations

Update to version 0.9.1.
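
The size wrap described above, modelled with explicit 32-bit arithmetic next to a bounded, overflow-checked allocation. This is an added example, not pam_usb's code and not the 0.9.1 fix; ELEM_SIZE, MAX_DEVICES and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed values for illustration only: not the real sizeof(t_pusb_device)
 * and not a limit taken from pam_usb. */
#define ELEM_SIZE   1024u
#define MAX_DEVICES 64u

/* The unchecked product as a 32-bit size_t computes it (modulo 2^32). */
uint32_t wrapped_size32(uint32_t count, uint32_t elem_size)
{
    return (uint32_t)((uint64_t)count * elem_size);
}

/* 1 when count * elem_size cannot be represented in a 32-bit size_t. */
int mul_overflows32(uint32_t count, uint32_t elem_size)
{
    return elem_size != 0 && count > UINT32_MAX / elem_size;
}

/* Bounded, overflow-checked array allocation on the host's size_t.
 * Returns NULL rather than a buffer shorter than the caller expects. */
void *alloc_array_checked(size_t count, size_t elem_size, size_t max_count)
{
    if (count == 0 || elem_size == 0 || count > max_count)
        return NULL;                 /* upper bound on the parsed count */
    if (count > SIZE_MAX / elem_size)
        return NULL;                 /* product would wrap size_t */
    return calloc(count, elem_size);
}

int main(void)
{
    uint32_t count = 4194305u;       /* constructed count: 2^22 + 1 */
    printf("requested elements: %u\n", (unsigned)count);
    printf("32-bit byte size:   %u\n", (unsigned)wrapped_size32(count, ELEM_SIZE));
    printf("overflow detected:  %d\n", mul_overflows32(count, ELEM_SIZE));
    void *p = alloc_array_checked(count, ELEM_SIZE, MAX_DEVICES);
    printf("checked allocation: %s\n", p ? "granted" : "refused");
    free(p);
    return 0;
}
```

The allocator only sees the wrapped byte count, so it cannot notice the problem itself; the count has to be bounded and the product checked before the call.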

Fix

Integer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-48065

Affected Products

Pam Usb