CVE Catalog

CVE-2026-9149

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

A heap buffer overflow vulnerability was found in the libsolv library. The issue occurs when processing a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function, leading to undersized memory allocation and an out-of-bounds write.

Risk Assessment

An attacker could exploit this vulnerability to cause a denial of service (DoS) by delivering a malicious `.solv` file to the victim.

Recommendation

Update the libsolv library to the latest patched version. Until updated, avoid processing `.solv` files from untrusted sources.

Original NVD description (English source)

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS