{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24805", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:39:10.280Z", "datePublished": "2026-01-27T08:41:18.867Z", "dateUpdated": "2026-01-27T20:47:37.939Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/visualfc/liteide", "defaultStatus": "affected", "modules": ["liteidex/src/3rdparty/libvterm/src"], "product": "liteide", "programFiles": ["screen.c", "state.c", "vterm.c"], "vendor": "visualfc", "versions": [{"lessThan": "x38.4", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules).<p> This vulnerability is associated with program files <tt>screen.C</tt>, <tt>state.C</tt>, <tt>vterm.C</tt>.</p><p>This issue affects liteide: before x38.4.</p>"}], "value": "NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C.\n\nThis issue affects liteide: before x38.4."}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.7, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:41:18.867Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/visualfc/liteide/pull/1326"}], "source": {"discovery": "UNKNOWN"}, "title": "Mishandles certain out-of-memory conditions in visualfc/liteide via liteidex/src/3rdparty/libvterm/src module", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T20:47:28.520859Z", "id": "CVE-2026-24805", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:47:37.939Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24805", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T20:47:28.520859Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:47:33.968Z"}}], "cna": {"title": "Mishandles certain out-of-memory conditions in visualfc/liteide via liteidex/src/3rdparty/libvterm/src module", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.7, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "visualfc", "modules": ["liteidex/src/3rdparty/libvterm/src"], "product": "liteide", "versions": [{"status": "affected", "version": "0", "lessThan": "x38.4", "versionType": "git"}], "programFiles": ["screen.c", "state.c", "vterm.c"], "collectionURL": "https://github.com/visualfc/liteide", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/visualfc/liteide/pull/1326", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C.\n\nThis issue affects liteide: before x38.4.", "supportingMedia": [{"type": "text/html", "value": "NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules).<p> This vulnerability is associated with program files <tt>screen.C</tt>, <tt>state.C</tt>, <tt>vterm.C</tt>.</p><p>This issue affects liteide: before x38.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:41:18.867Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24805", "state": "PUBLISHED", "dateUpdated": "2026-01-27T20:47:37.939Z", "dateReserved": "2026-01-27T08:39:10.280Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:41:18.867Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C.\n\nThis issue affects liteide: before x38.4."}, {"lang": "es", "value": "Vulnerabilidad de desreferencia de puntero NULL en visualfc liteide (m\u00f3dulos liteidex/src/3rdparty/libvterm/src). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa screen.C, state.C, vterm.C.\n\nEste problema afecta a liteide: antes de x38.4."}], "id": "CVE-2026-24805", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:50.607", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/visualfc/liteide/pull/1326"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:24:52.292083+00:00", "value": {"mitigation_remediation": ["Upgrade visualfc LiteIDE to version x38.4 or later.", "During the upgrade, ensure LiteIDE is closed to avoid data loss.", "After upgrading, monitor log files for any crash indicators to confirm the vulnerability is fully addressed."], "summary": {"action": "Patch Immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "visualfc LiteIDE versions prior to x38.4 are affected. All program modules screen.C, state.C, and vterm.C may lead to the crash when run under these versions.", "description_and_impact": "The vulnerability is a NULL Pointer Dereference in the liteidex/src/3rdparty/libvterm/src module of visualfc LiteIDE. When a program encounters certain out\u2011of\u2011memory conditions it fails to guard against a null pointer, which can cause the application to crash. This flaw is a classic instance of CWE\u2011476 and can be used to trigger a denial of service by terminating the LiteIDE process.", "risk_and_exploitability": "The CVSS score is 6.7, indicating moderate severity, while the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog. No remote exploitation vector is documented, so the risk is chiefly local or for users who run the application in an unmanaged environment. The low EPSS suggests that the likelihood of exploitation is low, but the impact on availability is high if an attacker can force the application to crash."}}}}, "created": "2026-01-27T20:17:01.769705+00:00", "updated": "2026-04-18T02:30:15.867183+00:00", "vendors": ["visualfc", "visualfc$PRODUCT$liteide"]}