CVE-2026-26738
Buffer Overflow in SpaceSniffer 2.0.5.18 Enables Remote Code Execution
Publication date: 2026-03-10
Last updated on: 2026-04-01
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uderzo_software | spacesniffer | 2.0.5.18 |
| uderzo_software | spacesniffer | to 2.1.0.21 (inc) |
| uderzo | spacesniffer | 2.0.5.18 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26738 is a stack-based buffer overflow vulnerability found in SpaceSniffer version 2.0.5.18. It occurs when the software parses proprietary snapshot (.sns) files. Specifically, a 32-bit length value inside the .sns file, controlled by an attacker, is used directly as the size parameter for the fread() function without proper bounds checking.
This fread() call reads data into a fixed-size 8192-byte stack buffer, which can be overflowed if the length value is oversized. This causes out-of-bounds writes on the stack, leading to stack memory corruption.
An attacker can craft a malicious .sns file with an oversized length value that triggers this overflow when opened or imported via SpaceSniffer's GUI snapshot functionality. This can cause the program to crash and has been demonstrated to allow arbitrary code execution in the context of the user running SpaceSniffer.
The vulnerability has been exploited using techniques like Return-Oriented Programming (ROP) to bypass Data Execution Prevention (DEP). The attack typically involves a remote attacker distributing the malicious .sns file through email, chat, or downloads, relying on social engineering to convince the victim to open it.
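The root cause described above is a file-supplied length reaching fread() without being compared to the destination buffer size. The following C code is an added example, not SpaceSniffer's code: the record layout (a 4-byte little-endian length followed by the payload) and all function names are assumptions, since the page does not document the .sns format.

```c
#include <stdint.h>
#include <stdio.h>

#define REC_BUF_SIZE 8192u  /* fixed stack buffer size stated on this page */

enum rec_status { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LARGE = -2 };

/* Read a 32-bit little-endian length field (layout is an assumption). */
static int read_u32_le(FILE *fp, uint32_t *v) {
    unsigned char b[4];
    if (fread(b, 1, sizeof b, fp) != sizeof b) return -1;
    *v = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
         ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return 0;
}

/* Hardened reader: the untrusted length is checked against the buffer
 * capacity BEFORE it is used as the fread() size. The flawed pattern is
 * fread(buf, 1, len, fp) with len taken straight from the file. */
enum rec_status read_record(FILE *fp, unsigned char *buf, size_t cap,
                            uint32_t *out_len) {
    uint32_t len;
    if (read_u32_le(fp, &len) != 0) return REC_TRUNCATED;
    if (len > cap) return REC_TOO_LARGE;      /* reject instead of clamping */
    if (fread(buf, 1, len, fp) != len) return REC_TRUNCATED;
    *out_len = len;
    return REC_OK;
}

/* Write a constructed record (declared length + actual bytes) and parse it. */
enum rec_status parse_constructed(uint32_t declared, size_t actual,
                                  uint32_t *out_len) {
    unsigned char buf[REC_BUF_SIZE];
    unsigned char hdr[4] = { (unsigned char)declared, (unsigned char)(declared >> 8),
        (unsigned char)(declared >> 16), (unsigned char)(declared >> 24) };
    FILE *fp = tmpfile();
    if (!fp) return REC_TRUNCATED;
    fwrite(hdr, 1, sizeof hdr, fp);
    for (size_t i = 0; i < actual; i++) fputc('.', fp);
    rewind(fp);
    enum rec_status st = read_record(fp, buf, sizeof buf, out_len);
    fclose(fp);
    return st;
}

int main(void) {
    uint32_t n = 0;
    printf("valid=%d ", parse_constructed(100, 100, &n));
    printf("oversized=%d\n", parse_constructed(0x00010000u, 16, &n));
    return 0;
}
```

Rejecting the record outright, rather than clamping the length to 8192, also keeps the parser from continuing with a file whose header is already known to be inconsistent.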
How can this vulnerability impact me?
This vulnerability can impact you by allowing a remote attacker to execute arbitrary code on your system with the privileges of the user running SpaceSniffer.
If you open or import a maliciously crafted .sns snapshot file, the attacker can cause the application to crash or take control of your system, potentially leading to data theft, system compromise, or further malware installation.
The attack relies on social engineering to trick you into opening the malicious file, so the risk is increased if you receive untrusted files via email, chat, or downloads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for the presence or opening of maliciously crafted .sns snapshot files in SpaceSniffer version 2.0.5.18. Since the exploit involves a specially crafted .sns file that triggers a buffer overflow when imported or opened, detection efforts should focus on identifying suspicious .sns files or unusual crashes of SpaceSniffer.
There are no specific detection commands provided in the available resources. However, general detection approaches could include:
- Monitoring file downloads and email attachments for suspicious .sns files.
- Checking for unexpected crashes or abnormal behavior in SpaceSniffer when opening snapshot files.
- Using file integrity monitoring to detect unauthorized or unexpected .sns files.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade SpaceSniffer to version 2.1.0.21 or later, where this buffer overflow vulnerability has been fixed.
Additionally, users should avoid opening or importing .sns snapshot files from untrusted or unknown sources to prevent exploitation via social engineering.
Implementing security awareness training to recognize suspicious files and attachments can also help reduce risk.