CVE-2026-1188
MEDIUM EPSS 38.5%
Published Jan 29, 20265mo ago · Modified Jun 17, 20261w ago
6.9 CVSS 4.0
Published Jan 29, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
38.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-120
CWE-131
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| eclipse | omr | * | ≥0.2 – <0.8.0 |
References 1
- github.com https://github.com/eclipse-omr/omr/pull/8082
Remediation
- github.com https://github.com/eclipse-omr/omr/pull/8082