CVE-2026-33848
Improper Memory Buffer Restriction in LinkingVision RapidVMS
Publication date: 2026-03-24
Last updated on: 2026-04-20
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linkingvision | rapidvms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper restriction of operations within the bounds of a memory buffer in the linkingvision rapidvms software. Specifically, it is caused by an off-by-one error in the code that leads to out-of-bounds array access. The vulnerable code was copied from the FFmpeg project but did not include the security patch that fixed this issue. This flaw allows operations to exceed the allocated memory buffer limits, potentially causing unexpected behavior.
How can this vulnerability impact me? :
The vulnerability has a high severity score (CVSS 8.8) and can lead to significant impacts including confidentiality, integrity, and availability being compromised. Because it allows out-of-bounds memory access, an attacker could exploit this to execute arbitrary code, cause a denial of service, or gain unauthorized access to sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to an off-by-one error causing out-of-bounds array access in the linkingvision rapidvms software, specifically in the cloned FFmpeg code. Detection would involve verifying the version of rapidvms to see if it includes the patch from PR#96 that fixes this issue.
There are no specific network or system commands provided in the available resources to detect exploitation or presence of this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch from pull request PR#96 in the linkingvision rapidvms project, which backports the security fix from the original FFmpeg repository addressing CVE-2017-9992.
This patch corrects the off-by-one error to prevent out-of-bounds memory access, thereby eliminating the vulnerability.
If updating is not immediately possible, consider restricting access to the vulnerable service to trusted users only, as the vulnerability has a high CVSS score indicating potential for remote exploitation.