CVE-2026-9149
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
A heap buffer overflow vulnerability was found in the libsolv library. The issue occurs when processing a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function, leading to undersized memory allocation and an out-of-bounds write.
Risk Assessment
An attacker could exploit this vulnerability to cause a denial of service (DoS) by delivering a malicious `.solv` file to the victim.
Recommendation
Update the libsolv library to the latest patched version. Until updated, avoid processing `.solv` files from untrusted sources.
Original NVD description (English source)
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

