CRITICAL🇵🇱 Wersja polska

CVE-2026-24872

CVSS 9.8v3.1pub. 2026-01-27upd. 2026-04-15

improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5.

🤖 AI Analysis
How it works

The vulnerability results from incorrect arithmetic operations on pointers in the application code, which can lead to reading or writing memory outside of designated areas. Incorrect pointer address calculations can result in memory corruption in a way that can be exploited by an attacker. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the exploit can be conducted remotely and without any prerequisites.

Impact

An attacker can gain full control over the vulnerable system, including violations of confidentiality, integrity, and availability of data — which corresponds to the highest ratings for all three components in the CVSS vector.

Mitigation & patch

SkyFire_548 should be updated to version 5.4.8-stable5 or later. Details are available in the vendor references: https://github.com/cadaver/turso3d/pull/11

Who is affected

ProjectSkyfire SkyFire_548 in all versions prior to 5.4.8-stable5

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References