CVE-2026-33850
Deferred Deferred - Pending Action
Out-of-Bounds Write in DualSenseY-v2 Before Version

Publication date: 2026-03-24

Last updated on: 2026-05-05

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33850
EUVD
EUVD-2026-14752
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wujekfoliarz dualsensey-v2 to 54 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-33850 is an out-of-bounds write vulnerability found in the DualSenseY-v2 project, specifically in the function `stbi__process_frame_header` within the file `stb_image.h`. This function was cloned from the original stb repository but initially lacked a critical security patch. The vulnerability allows writing outside the intended memory boundaries during image frame header processing, which can lead to memory corruption.

Impact Analysis

This vulnerability can have serious impacts including potential unauthorized code execution, data corruption, or system crashes. The CVSS score of 7.8 indicates a high severity with high impact on confidentiality, integrity, and availability. An attacker could exploit this out-of-bounds write to compromise the affected system or application.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-33850 vulnerability, you should update the DualSenseY-v2 software to include the security patch that fixes the out-of-bounds write issue in the function `stbi__process_frame_header` within `stb_image.h`.

This patch was merged on December 15, 2025, in pull request #66 on the DualSenseY-v2 GitHub repository and applies the same fix as the original patch from the stb repository (commit 5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40). Ensuring your system uses this updated version will prevent the vulnerability from being exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33850. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart