CVE-2026-4753
Deferred Deferred - Pending Action
Out-of-Bounds Read in slajerek RetroDebugger Before v

Publication date: 2026-03-24

Last updated on: 2026-05-05

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4753
EUVD
EUVD-2026-14772
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
slajerek retrodebugger to 0.64.72 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read issue in the RetroDebugger software, specifically in the `unescape()` function located in the file `src/Emulators/vice/monitor/mon_lex.c`. The vulnerable code was originally copied from GNU Aspell but did not include the security patch that fixed a similar issue in GNU Aspell (CVE-2019-17544). The vulnerability allows the program to read memory outside the intended bounds, which can lead to security risks.

Impact Analysis

The impact of this vulnerability is significant as indicated by its CVSS score of 9.1. It allows an attacker to perform an out-of-bounds read, which can lead to high confidentiality and availability impacts. This means sensitive information could be exposed and the affected system could become unstable or crash, potentially disrupting normal operations.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is an out-of-bounds read in the `unescape()` function of RetroDebugger before version 0.64.72. Detection would involve identifying if the vulnerable version of RetroDebugger is present on your system.

You can check the installed version of RetroDebugger by running a command such as:

  • retrodebugger --version

If the version is earlier than 0.64.72, the system is potentially vulnerable.

Additionally, since this is a local software vulnerability rather than a network service, network detection commands are not directly applicable.

Mitigation Strategies

The immediate mitigation step is to update RetroDebugger to version 0.64.72 or later, where the out-of-bounds read vulnerability in the `unescape()` function has been fixed.

If updating is not immediately possible, avoid processing untrusted input that could trigger the vulnerable `unescape()` function.

Applying the patch from the RetroDebugger pull request #97, which synchronizes the code with the fixed GNU Aspell version, will also mitigate the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4753. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart