libuvc Null Pointer Dereference Vulnerability in UVC Descriptor Handler
Vulnerability
A null pointer dereference vulnerability has been identified in libuvc versions through 0.0.7. The issue is in the UVC Descriptor Handler, specifically the uvc_scan_streaming function in src/device.c. When this function processes malformed UVC descriptors, which it fails to handle properly, a null pointer is dereferenced and the application hits a segmentation fault. The vulnerability can be exploited locally, and a public exploit is available.
Impact
Exploitation of this vulnerability causes a segmentation fault due to a null pointer dereference, leading to a crash of the application.
Reproduction
The vulnerability can be reproduced by compiling the libuvc test harness with AddressSanitizer enabled and then running the harness with the repro input that triggers the null pointer dereference. AddressSanitizer reports the null pointer dereference as a segmentation fault, confirming that the vulnerability has been triggered.
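As an added illustration of how a descriptor scanner can reject malformed input before dereferencing anything (this is not libuvc's code, and the page does not state which pointer is null in uvc_scan_streaming): the function, result codes and sample buffers below are hypothetical and constructed for this example, and the only assumption is the standard USB layout of bLength, bDescriptorType, bDescriptorSubtype.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CS_INTERFACE 0x24 /* USB class-specific interface descriptor type */

/* Hypothetical result codes for this example (not libuvc's uvc_error_t). */
enum scan_result { SCAN_OK = 0, SCAN_NO_DATA = -1, SCAN_MALFORMED = -2 };

/* Walk a class-specific descriptor buffer and count CS_INTERFACE blocks.
 * Every pointer and length is validated before it is used. */
static int scan_cs_descriptors(const uint8_t *buf, size_t len, size_t *count)
{
    if (count == NULL)
        return SCAN_MALFORMED;
    *count = 0;
    /* An interface without extra descriptors can yield NULL / length 0. */
    if (buf == NULL || len == 0)
        return SCAN_NO_DATA;

    size_t off = 0;
    while (off < len) {
        size_t left = len - off;
        if (left < 3)
            return SCAN_MALFORMED;   /* truncated block header */
        size_t blen = buf[off];      /* bLength */
        if (blen < 3 || blen > left)
            return SCAN_MALFORMED;   /* zero/short length, or overrun */
        if (buf[off + 1] == CS_INTERFACE)
            (*count)++;
        off += blen;                 /* blen >= 3, so the loop always advances */
    }
    return SCAN_OK;
}

/* Constructed sample inputs; not taken from the public repro input. */
static const uint8_t good_desc[] = { 0x04, 0x24, 0x01, 0x00, 0x03, 0x24, 0x03 };
static const uint8_t zero_len[]  = { 0x00, 0x24, 0x01 };
static const uint8_t overrun[]   = { 0x09, 0x24, 0x01, 0x00 };

int main(void)
{
    size_t n;
    printf("good:     %d\n", scan_cs_descriptors(good_desc, sizeof good_desc, &n));
    printf("zero len: %d\n", scan_cs_descriptors(zero_len, sizeof zero_len, &n));
    printf("overrun:  %d\n", scan_cs_descriptors(overrun, sizeof overrun, &n));
    printf("null buf: %d\n", scan_cs_descriptors(NULL, 0, &n));
    return 0;
}
```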
