CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704	Patch
https://github.com/libusb/libusb/issues/1813	Issue Tracking Mitigation
https://github.com/libusb/libusb/pull/1814	Issue Tracking Patch
https://github.com/libusb/libusb/releases/tag/v1.0.30	Product Release Notes
https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libusb:libusb:*:*:*:*:*:*:*:*

History

28 May 2026, 15:40

Type	Values Removed	Values Added
References	~~() https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704 -~~	() https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704 - Patch
References	~~() https://github.com/libusb/libusb/issues/1813 -~~	() https://github.com/libusb/libusb/issues/1813 - Issue Tracking, Mitigation
References	~~() https://github.com/libusb/libusb/pull/1814 -~~	() https://github.com/libusb/libusb/pull/1814 - Issue Tracking, Patch
References	~~() https://github.com/libusb/libusb/releases/tag/v1.0.30 -~~	() https://github.com/libusb/libusb/releases/tag/v1.0.30 - Product, Release Notes
References	~~() https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array -~~	() https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array - Patch, Third Party Advisory
First Time		Libusb libusb Libusb
CPE		cpe:2.3:a:libusb:libusb::::::::

27 May 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 14:17

Updated : 2026-05-28 15:40

NVD link : CVE-2026-47104

Mitre link : CVE-2026-47104

CVE.ORG link : CVE-2026-47104

JSON object : View

Products Affected

libusb

libusb

CWE

CWE-125

Out-of-bounds Read

4.0 /10