CRITICAL🇵🇱 Wersja polska

CVE-2026-24826

CVSS 10.0v4.0pub. 2026-01-27upd. 2026-04-15

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects .

🤖 AI Analysis
How it works

The vulnerabilities include out-of-bounds write (Out-of-bounds Write, CWE-787), out-of-bounds read (Out-of-bounds Read, CWE-125), NULL pointer dereference (NULL Pointer Dereference, CWE-476), division by zero (Divide By Zero, CWE-369), use of uninitialized resource (Use of Uninitialized Resource, CWE-908), and reachable assertions (Reachable Assertion, CWE-617). These errors can be triggered by maliciously crafted input data processed by the library. A remote, unauthenticated attacker can deliver a malicious payload without any interaction from the victim.

Impact

An attacker can achieve arbitrary code execution (RCE), destabilization or complete shutdown of an application using the library, as well as leakage or corruption of data in the process memory.

Mitigation & patch

Patches available from the vendor should be applied according to the references — the fix is being processed as pull request #11 in the repository https://github.com/cadaver/turso3d/pull/11.

Who is affected

The turso3d library of the cadaver project — versions indicated in the vendor references (pull request #11 on GitHub).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References