{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24873", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T15:46:29.599Z", "datePublished": "2026-01-27T15:53:20.942Z", "dateUpdated": "2026-01-27T17:00:59.576Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "lpp-vita", "vendor": "Rinnegatamante", "versions": [{"lessThan": "lpp-vita r6", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.<p>This issue affects lpp-vita: before lpp-vita r6.</p>"}], "value": "Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:53:20.942Z"}, "references": [{"url": "https://github.com/Rinnegatamante/lpp-vita/pull/82"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds read in lpp-vita", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T17:00:44.964756Z", "id": "CVE-2026-24873", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:00:59.576Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24873", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T17:00:44.964756Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:00:54.474Z"}}], "cna": {"title": "Out-of-bounds read in lpp-vita", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rinnegatamante", "product": "lpp-vita", "versions": [{"status": "affected", "version": "0", "lessThan": "lpp-vita r6", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/Rinnegatamante/lpp-vita/pull/82"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.<p>This issue affects lpp-vita: before lpp-vita r6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:53:20.942Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24873", "state": "PUBLISHED", "dateUpdated": "2026-01-27T17:00:59.576Z", "dateReserved": "2026-01-27T15:46:29.599Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T15:53:20.942Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en Rinnegatamante lpp-vita. Este problema afecta a lpp-vita: antes de lpp-vita r6."}], "id": "CVE-2026-24873", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T16:16:36.753", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/Rinnegatamante/lpp-vita/pull/82"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:48:00.102917+00:00", "value": {"mitigation_remediation": ["Upgrade lpp\u2011vita to revision 6 or later, which contains the fix for the out\u2011of\u2011bounds read.", "If an upgrade is infeasible, limit the execution context of lpp\u2011vita by running it in a restricted sandbox or container to contain potential data leakage.", "Apply general security hygiene such as enabling address\u2011space layout randomization for the host process to make predictability of memory layouts more difficult for attackers."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure via Out\u2011of\u2011Bounds Read"}, "threat_synthesis": {"affected_systems": "This vulnerability affects Rinnegatamante\u2019s lpp\u2011vita library versions prior to revision 6. The impacted software is the lpp\u2011vita component used in media or gaming applications, identified by the vendor name Rinnegatamante and product lpp\u2011vita.", "description_and_impact": "A buffer under\u2011read in the lpp\u2011vita library allows an attacker to read data beyond the bounds of an allocated memory region. The flaw is identified as CWE\u2011125 and can lead to disclosure of adjacent memory contents, which may contain sensitive information depending on the runtime environment. No evidence is provided that the flaw enables code execution or denial of service; the impact is limited to potential information leakage.", "risk_and_exploitability": "The CVSS score of 7.8 classifies it as high severity, yet the EPSS score of less than 1% indicates that exploitation is currently unlikely. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The most probable attack vector is local \u2013 an attacker who can execute or influence the lpp\u2011vita code may trigger the out\u2011of\u2011bounds read, but remote exploitation is not documented in the provided information."}}}}, "created": "2026-01-28T12:22:37.721863+00:00", "updated": "2026-04-18T15:00:03.437177+00:00", "vendors": ["rinnegatamante", "rinnegatamante$PRODUCT$lpp-vita"]}