{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24872", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T15:46:29.599Z", "datePublished": "2026-01-27T15:51:45.395Z", "dateUpdated": "2026-02-04T17:56:00.844Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SkyFire_548", "vendor": "ProjectSkyfire", "versions": [{"lessThan": "5.4.8-stable5", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;improper pointer arithmetic</span>\n\n vulnerability in ProjectSkyfire SkyFire_548.<p>This issue affects SkyFire_548: before 5.4.8-stable5.</p>"}], "value": "improper pointer arithmetic\n\n vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:51:45.395Z"}, "references": [{"url": "https://github.com/cadaver/turso3d/pull/11"}], "source": {"discovery": "UNKNOWN"}, "title": "Pointer arithmetic error in SkyFire_548", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-468", "lang": "en", "description": "CWE-468 Incorrect Pointer Scaling"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T21:19:51.346408Z", "id": "CVE-2026-24872", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T17:56:00.844Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24872", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T15:46:29.599Z", "datePublished": "2026-01-27T15:51:45.395Z", "dateUpdated": "2026-02-04T17:56:00.844Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SkyFire_548", "vendor": "ProjectSkyfire", "versions": [{"lessThan": "5.4.8-stable5", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;improper pointer arithmetic</span>\n\n vulnerability in ProjectSkyfire SkyFire_548.<p>This issue affects SkyFire_548: before 5.4.8-stable5.</p>"}], "value": "improper pointer arithmetic\n\n vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:51:45.395Z"}, "references": [{"url": "https://github.com/cadaver/turso3d/pull/11"}], "source": {"discovery": "UNKNOWN"}, "title": "Pointer arithmetic error in SkyFire_548", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24872", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T21:19:51.346408Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-468", "description": "CWE-468 Incorrect Pointer Scaling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T17:55:52.545Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "improper pointer arithmetic\n\n vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5."}, {"lang": "es", "value": "Vulnerabilidad de aritm\u00e9tica de punteros incorrecta en ProjectSkyfire SkyFire_548. Este problema afecta a SkyFire_548: antes de 5.4.8-stable5."}], "id": "CVE-2026-24872", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T16:16:36.640", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/cadaver/turso3d/pull/11"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-468"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T18:47:09.128011+00:00", "value": {"mitigation_remediation": ["Upgrade SkyFire_548 to version 5.4.8-stable5 or later to apply the pointer arithmetic fix.", "Monitor system logs and performance metrics for signs of abnormal memory usage or crashes that could indicate corruption.", "Configure the SkyFire_548 process with the least privileges required to run, limiting the potential damage from a memory corruption incident."], "summary": {"action": "Immediate Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "All installations of ProjectSkyfire SkyFire_548 running a version earlier than 5.4.8-stable5 are affected. No other vendors or products are listed as impacted.", "description_and_impact": "This vulnerability involves an improper pointer arithmetic error in ProjectSkyfire SkyFire_548, affecting versions before 5.4.8-stable5. The flaw permits unpredictable manipulation of memory addresses, which could lead to corruption of program data and control structures. The CVE documentation references only the pointer handling inadequacy without specifying the exact consequences, so the potential impact is limited to memory corruption as described.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a highly severe flaw, and the EPSS score of <1% suggests that exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog. No explicit attack vector is provided in the description; however, based on the high CVSS score, it is presumed that a compromise could occur remotely or locally if the flaw is triggered, but this is not confirmed by the available data."}}}}, "created": "2026-01-27T20:16:21.505105+00:00", "updated": "2026-04-18T19:00:08.021565+00:00", "vendors": ["projectskyfire", "projectskyfire$PRODUCT$skyfire_548"]}